CVE-2021-29678

HIGH8.7

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

CVSS breakdown

CVSS 3.0

Confidentiality

High

Privileges Required

High

Scope

Changed

Attack Vector

Network

Integrity

High

Attack Complexity

Low

User Interaction

None

Availability

None

Changed

Unchanged

Affected products

ibm / Db2 for Linux, UNIX and Windows10.5 – 10.5
ibm / Db2 for Linux, UNIX and Windows10.1 – 10.1
ibm / Db2 for Linux, UNIX and Windows9.7 – 9.7
ibm / Db2 for Linux, UNIX and Windows11.1 – 11.1
ibm / Db2 for Linux, UNIX and Windows11.5 – 11.5

References

MISChttps://www.ibm.com/support/pages/node/6523806
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/199914
MISChttps://security.netapp.com/advisory/ntap-20220114-0002/