#VU88069 Information disclosure in IBM DB2 LUW - CVE-2023-38729


Vulnerability identifier: #VU88069

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38729

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM DB2 LUW
Server applications / Database software

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM DB2 LUW: before 10.5

External links
https://www.ibm.com/support/pages/node/7145721

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM dashDB Local
Multiple vulnerabilities in IBM Big SQL on Cloud Pak for Data
Multiple vulnerabilities in IBM Cloud Pak System
Multiple vulnerabilities in Datacap
Multiple vulnerabilities in IBM OpenPages
Multiple vulnerabilities in IBM Storage Protect Server
Multiple vulnerabilities in IBM Db2 on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Multiple vulnerabilities in IBM Security Guardium Key Lifecycle Manager
Multiple vulnerabilities in IBM Application Performance Management products
Multiple vulnerabilities in IBM Security Verify Governance, Identity Manager