CVE-2023-33854

MEDIUM

IBM Db2 on Cloud Pak for Data - Client-Side Validation Bypass

Title source: manual
STIX 2.1

Description

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7277112

Scores

CVSS v3 5.3
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-294
Status published
Products (4)
ibm/db2 4.8 - 5.4
IBM/Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 4.8.0 - 1.8.4
IBM/Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 5.0.0 - 5.3.0
ibm/db2_warehouse 4.8 - 5.4
Published Jun 22, 2026
Tracked Since Jun 22, 2026