IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Db2 | Ibm | 9.7 (including) | 9.7 (including) |
| Db2 | Ibm | 10.1 (including) | 10.1 (including) |
| Db2 | Ibm | 10.5 (including) | 10.5 (including) |
| Db2 | Ibm | 11.1 (including) | 11.1 (including) |
| Db2 | Ibm | 11.5 (including) | 11.5 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/221973
- https://security.netapp.com/advisory/ntap-20220729-0007/
- https://www.ibm.com/support/pages/node/6597993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/221973
- https://security.netapp.com/advisory/ntap-20220729-0007/
- https://www.ibm.com/support/pages/node/6597993