CVE-2023-29256
MEDIUM
IBM Db2 10.5, 11.1, 11.5 - Information Disclosure via Federation Feature Privilege Mismanagement
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.
References (3)
Vendor Advisory: https://security.netapp.com/advisory/ntap-20230731-0007/
Vendor Advisory: https://www.ibm.com/support/pages/node/7010573
VDB Entry, Vendor Advisory: https://exchange.xforce.ibmcloud.com/vulnerabilities/252046
Scores
CVSS v3: 5.3
EPSS: 0.0006
EPSS Percentile: 19.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-269
Status: published
Products (3)
ibm/db2 10.5.0.11
ibm/db2 11.1.4.7
ibm/db2 11.5
Published: Jul 10, 2023
Tracked Since: Feb 18, 2026