Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Db2 on Cloud Pak for Data by IBM

    CVE-2023-42005 (GCVE-0-2023-42005)

    Vulnerability from nvd – Published: 2024-05-29 12:53 – Updated: 2024-08-02 19:16
    VLAI
    Title
    IBM Db2 on Cloud Pak for Data privilege escalation
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, Access Controls
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data Affected: 3.5, 4.0, 4.5, 4.6, 4.7, 4.8
        cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T15:31:04.424637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:23.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:16:49.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7155078"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Db2 on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.\u003c/span\u003e\n\n"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T12:53:04.315Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7155078"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Db2 on Cloud Pak for Data privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-42005",
        "datePublished": "2024-05-29T12:53:04.315Z",
        "dateReserved": "2023-09-06T19:32:50.696Z",
        "dateUpdated": "2024-08-02T19:16:49.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42005 (GCVE-0-2023-42005)

    Vulnerability from cvelistv5 – Published: 2024-05-29 12:53 – Updated: 2024-08-02 19:16
    VLAI
    Title
    IBM Db2 on Cloud Pak for Data privilege escalation
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, Access Controls
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data Affected: 3.5, 4.0, 4.5, 4.6, 4.7, 4.8
        cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T15:31:04.424637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:23.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:16:49.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7155078"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Db2 on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.\u003c/span\u003e\n\n"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T12:53:04.315Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7155078"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Db2 on Cloud Pak for Data privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-42005",
        "datePublished": "2024-05-29T12:53:04.315Z",
        "dateReserved": "2023-09-06T19:32:50.696Z",
        "dateUpdated": "2024-08-02T19:16:49.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }