CVE-2023-38729

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5

Description The issue concerns sensitive information disclosure when using ADMIN CMD with IMPORT or EXPORT. This affects the specified versions of IBM Db2 for Linux, UNIX and Windows, including Db2 Connect Server.

Recommendations For versions 10.5, 11.1, and 11.5, consider restricting the use of ADMIN CMD with IMPORT or EXPORT until a patch is available. As a temporary workaround, avoid using ADMIN CMD with sensitive information in IMPORT or EXPORT operations. Restrict access to sensitive data when using ADMIN CMD to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.