CVE-2024-40679 MEDIUM

CVE-2024-40679: IBM Db2 information disclosure

Vendor IBM
Product Db2
Weakness CWE-532 · Sensitive info in logs
Published January 8, 2025
Last update January 8, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is affected by an information disclosure vulnerability: sensitive information may be included in a log file under specific conditions.

Key dates

02 Disclosure timeline

January 8, 2025 CVE published
January 8, 2025 Record updated