Lucene search
IbmCVE-2023-42005HistoryMay 29, 2024 - 1:15 p.m.
CVE-2023-42005
2024-05-2913:15:48
CWE-264
ibm
web.nvd.nist.gov
32
ibm
db2
cloud pak
data
security vulnerability
kubernetes
x-force id
nvd
system calls
CVSS3
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
9.0%
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
Affected configurations
Node
ibmdb2_on_cloud_pak_for_dataMatch3.5
ORibmdb2_on_cloud_pak_for_dataMatch4.0
ORibmdb2_on_cloud_pak_for_dataMatch4.5
ORibmdb2_on_cloud_pak_for_dataMatch4.6
ORibmdb2_on_cloud_pak_for_dataMatch4.7
ORibmdb2_on_cloud_pak_for_dataMatch4.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | db2_on_cloud_pak_for_data | 3.5 | cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:3.5:*:*:*:*:*:*:* |
| ibm | db2_on_cloud_pak_for_data | 4.0 | cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:* |
| ibm | db2_on_cloud_pak_for_data | 4.5 | cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.5:*:*:*:*:*:*:* |
| ibm | db2_on_cloud_pak_for_data | 4.6 | cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.6:*:*:*:*:*:*:* |
| ibm | db2_on_cloud_pak_for_data | 4.7 | cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.7:*:*:*:*:*:*:* |
| ibm | db2_on_cloud_pak_for_data | 4.8 | cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:* |
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
}
]
}
]Related
cvelist
cvelist
CVE-2023-42005 IBM Db2 on Cloud Pak for Data privilege escalation
2024-05-29 12:53:04
vulnrichment
vulnrichment
CVE-2023-42005 IBM Db2 on Cloud Pak for Data privilege escalation
2024-05-29 12:53:04
nvd
nvd
CVE-2023-42005
2024-05-29 13:15:48
CVSS3
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2023-42005