CVE-2024-40679

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5

Description The issue is related to an information disclosure vulnerability. Sensitive information may be included in a log file under specific conditions, potentially allowing an attacker to disclose protected information.

Recommendations For version 11.5, consider restricting access to log files to minimize the risk of exploitation. As a temporary workaround, review log file configurations to ensure sensitive information is not being recorded. At the moment, there is no information about a newer version that contains a fix for this vulnerability.