IBM DB2 10.5/11.1/11.5 information disclosure

Summaryinfo

A vulnerability labeled as problematic has been found in IBM DB2 10.5/11.1/11.5. Affected by this vulnerability is an unknown functionality. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2022-43930. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability classified as problematic has been found in IBM DB2 10.5/11.1/11.5 (Database Software). Affected is an unknown part. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. CVE summarizes:

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.

The weakness was shared 02/17/2023. The advisory is shared for download at ibm.com. This vulnerability is traded as CVE-2022-43930 since 10/26/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (241677). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Database Software

Vendor

• IBM

Name

• DB2

Version

• 10.5
• 11.1
• 11.5

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion