CVE Catalog

CVE-2023-33854

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A vulnerability in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 allows an authenticated user to bypass client-side validation and manipulate input data using man-in-the-middle techniques.

Risk Assessment

The risk involves potential unauthorized modification of data transmitted between client and server, which could lead to data integrity breaches and possible privilege escalation within the database environment.

Recommendation

It is recommended to immediately upgrade to the latest available version of IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data, and to implement network traffic encryption (e.g., TLS) to protect against man-in-the-middle attacks.

Original NVD description (English source)

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS