SB2023020862 - Multiple vulnerabilities in IBM DB2

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-43930)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.

2) Improper Privilege Management (CVE-ID: CVE-2022-43927)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper privilege management when a specially crafted table access is used.. A remote user can gain access to sensitive information.

3) Resource exhaustion (CVE-ID: CVE-2022-43929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing input passed to the "Load" command. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/6953755
• https://www.ibm.com/support/pages/node/6953759
• https://www.ibm.com/support/pages/node/6953763