PT-2024-24258 · Ibm · Ibm Db2 For I
Zoltan Panczel
·
Published
2024-06-15
·
Updated
2024-08-01
·
CVE-2024-31870
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Db2 for i versions 7.2 through 7.5
Description
The issue allows a local authenticated attacker to perform user enumeration without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks.
Recommendations
For IBM Db2 for i versions 7.2 through 7.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Db2 For I