Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-32029 |
CWE-ID | CWE-401 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | IBM Connect Direct for Microsoft Windows (Client/Desktop applications / Software for system administration) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU53233
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32029
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to a memory leak when processing the UPDATE ... RETURNING command on a purpose-crafted partitioned table. A remote authenticated user can run the affected command and read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will.
Install update from vendor's website.
Vulnerable software versions
IBM Connect Direct for Microsoft Windows: 6.0.0.0 - 6.1.0.2
External links
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.