PT-2024-20709 · Ibm · Ibm Db2
Published
2024-04-03
·
Updated
2025-01-31
·
CVE-2024-25030
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.1
Description
The issue concerns the storage of potentially sensitive information in log files by IBM Db2 for Linux, UNIX and Windows, which could be accessed by a local user.
Recommendations
For IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.1, upgrade DB2 immediately to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2