PT-2023-5544 · IBM · IBM Db2

Published: 2023-07-07 · Updated: 2023-07-31 · CVE-2023-29256

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5

Description

The issue is related to improper privilege management when certain federation features are used, which may allow a remote attacker to gain access to confidential information. This is due to insufficient access control in the system.

Recommendations

For versions 10.5, 11.1, and 11.5, update to a version that properly manages privileges for federation features to prevent information disclosure. As a temporary workaround, consider restricting access to federation features until a patch is available. Avoid using federation features in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2023-06195
CVE-2023-29256

Affected Products

IBM Db2