CVE-2021-20373

HIGH

IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Information Disclosure via LOAD Utility

Title source: llm

Description

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to information disclosure when using the LOAD utility, because under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

References (3)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6523804
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/195521
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220225-0005/

Scores

CVSS v3 7.5
EPSS 0.0030
EPSS Percentile 53.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (5)
ibm/db2 9.7
ibm/db2 10.1
ibm/db2 10.5
ibm/db2 11.1
ibm/db2 11.5
Published Dec 09, 2021
Tracked Since Feb 18, 2026