CVE-2023-38729

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7145721	Vendor Advisory
https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259	Broken Link Third Party Advisory
https://security.netapp.com/advisory/ntap-20240517-0004/	Third Party Advisory
https://www.ibm.com/support/pages/node/7145721	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:db2:10.5:::::linux::
	cpe:2.3:a:ibm:db2:10.5:::::unix::
	cpe:2.3:a:ibm:db2:10.5:::::windows::
	cpe:2.3:a:ibm:db2:11.1:::::linux::
	cpe:2.3:a:ibm:db2:11.1:::::unix::
	cpe:2.3:a:ibm:db2:11.1:::::windows::
	cpe:2.3:a:ibm:db2:11.5:::::linux::
	cpe:2.3:a:ibm:db2:11.5:::::unix::
	cpe:2.3:a:ibm:db2:11.5:::::windows::

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-:::::::*

History

31 Jan 2025, 15:42

Type	Values Removed	Values Added
First Time		Ibm linux On Ibm Z Oracle solaris Oracle Linux Ibm db2 Ibm aix Microsoft windows Linux linux Kernel Hp hp-ux Ibm Microsoft Hp
CWE		NVD-CWE-noinfo
References	~~() https://www.ibm.com/support/pages/node/7145721 -~~	() https://www.ibm.com/support/pages/node/7145721 - Vendor Advisory
References	~~() https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259 -~~	() https://https://exchange.xforce.ibmcloud.com/vulnerabilities/262259 - Broken Link, Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20240517-0004/ -~~	() https://security.netapp.com/advisory/ntap-20240517-0004/ - Third Party Advisory
CPE		cpe:2.3:a:ibm:db2:10.5:::::unix:: cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:a:ibm:db2:10.5:::::linux:: cpe:2.3:a:ibm:db2:11.5:::::windows:: cpe:2.3:a:ibm:db2:11.5:::::unix:: cpe:2.3:a:ibm:db2:11.5:::::linux:: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:ibm:db2:11.1:::::linux:: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:oracle:solaris:-:::::::* cpe:2.3:a:ibm:db2:11.1:::::windows:: cpe:2.3:a:ibm:db2:10.5:::::windows:: cpe:2.3:o:hp:hp-ux:-:::::::* cpe:2.3:a:ibm:db2:11.1:::::unix:: cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*

09 Jan 2025, 15:15

Type	Values Removed	Values Added
Summary	(en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. IBM X-Force ID: 262259.	(en) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

Information

Published : 2024-04-03 13:16

Updated : 2025-01-31 15:42

NVD link : CVE-2023-38729

Mitre link : CVE-2023-38729

CVE.ORG link : CVE-2023-38729

JSON object : View

Products Affected

oracle

solaris

ibm

linux_on_ibm_z
db2
aix

hp-ux

linux

linux_kernel

microsoft

windows

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

6.8 /10