CVE-2023-47152

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47152
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7105605 Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0001/
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

27 Sep 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/270730', 'name': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/270730', 'tags': ['VDB Entry', 'Vendor Advisory'], 'refsource': ''}
Summary IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
CWE NVD-CWE-noinfo CWE-209

07 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240307-0001/ -

25 Jan 2024, 02:03

Type Values Removed Values Added
First Time Ibm
Ibm aix
Linux linux Kernel
Ibm linux On Ibm Z
Linux
Ibm db2
Microsoft
Microsoft windows
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7105605 - () https://www.ibm.com/support/pages/node/7105605 - Patch, Vendor Advisory

22 Jan 2024, 20:28

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-22 20:15

Updated : 2024-09-27 14:15

NVD link : CVE-2023-47152

Mitre link : CVE-2023-47152

JSON object : View

Products Affected

ibm

  • linux_on_ibm_z
  • db2
  • aix

linux

  • linux_kernel

microsoft

  • windows
CWE
CWE-209

Generation of Error Message Containing Sensitive Information