First published: Tue Apr 02 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | =11.1 | |
IBM Data Virtualization on Cloud Pak for Data | <=3.0 | |
IBM Watson Query with Cloud Pak for Data | <=2.2 | |
IBM Watson Query with Cloud Pak for Data | <=2.1 | |
IBM Watson Query with Cloud Pak for Data | <=2.0 | |
IBM Data Virtualization on Cloud Pak for Data | <=1.8 | |
IBM Data Virtualization on Cloud Pak for Data | <=1.7 | |
CVE-2024-25030 is classified as a moderate severity vulnerability due to the potential exposure of sensitive information in log files.
To fix CVE-2024-25030, ensure that log files are secured and do not store sensitive user information, and apply any available patches provided by IBM.
CVE-2024-25030 affects users of IBM Db2 for Linux, UNIX, and Windows, specifically version 11.1 and its related products.
The risks of CVE-2024-25030 include unauthorized access to potentially sensitive information by local users, leading to data exposure.
A potential workaround for CVE-2024-25030 is to restrict access to log files to authorized users only, while awaiting a permanent fix.