PT-2023-8438 · IBM · IBM Db2

Published 2023-10-31 · Updated 2024-09-27 · CVE-2023-47152

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5

Description

The issue is related to the use of defective cryptographic algorithms, which can allow a remote attacker to gain unauthorized access to protected information. It also involves information disclosure in stack trace under exceptional conditions.

Recommendations

For IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5, consider updating to a version that addresses the insecure cryptographic algorithm and information disclosure issues. As a temporary workaround, restrict access to sensitive information and monitor system logs for suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2024-00740
CVE-2023-47152

Affected Products

IBM Db2