CVE-2023-33854
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A vulnerability in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 allows an authenticated user to bypass client-side validation and manipulate input data using man-in-the-middle techniques.
Risk Assessment
The risk involves potential unauthorized modification of data transmitted between client and server, which could lead to data integrity breaches and possible privilege escalation within the database environment.
Recommendation
It is recommended to immediately upgrade to the latest available version of IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data, and to implement network traffic encryption (e.g., TLS) to protect against man-in-the-middle attacks.
Original NVD description (English source)
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.

