CVE-2023-47152

Published: Jan 22, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

Affected (1)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Ibm Db2	Before 11.5.9

Running on/with	Platform Versions
Ibm Aix	All versions
Ibm Linux On Ibm Z	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (5)

https://security.netapp.com/advisory/ntap-20240307-0001/

Source: psirt@us.ibm.com

https://www.ibm.com/support/pages/node/7105605

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/270730

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240307-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.ibm.com/support/pages/node/7105605

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.