IBM Db2 Information Disclosure Vulnerability in Log Files

Vulnerability

An information disclosure vulnerability has been identified in IBM Db2 for Linux, UNIX, and Windows, specifically in version 11.5. This vulnerability allows sensitive information to be inadvertently included in a log file under certain conditions. The issue also affects Db2 Connect Server.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure by allowing sensitive data to be written to log files.

Remediation

Users can download a special build containing the interim fix for this vulnerability from Fix Central. Special builds are provided at the most recent fix pack level of each impacted release. For version 11.5, the fix is in special build #50315 or later for V11.5.9. Instructions for downloading this build can be found on the IBM Support page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.