CVE-2023-42005 — HIGH (7.4)

Vulnerability Description

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	Db2	3.5
Ibm	Db2 Warehouse	3.5
Ibm	Cloud Pak For Data	-

Related Weaknesses (CWE)

CWE-264

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/265264Vendor Advisory
https://www.ibm.com/support/pages/node/7155078Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/265264Vendor Advisory
https://www.ibm.com/support/pages/node/7155078Vendor Advisory

FAQ

What is CVE-2023-42005?

CVE-2023-42005 is a vulnerability with a CVSS score of 7.4 (HIGH). IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the secur...

How severe is CVE-2023-42005?

CVE-2023-42005 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-42005?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2, Ibm Db2 Warehouse, Ibm Cloud Pak For Data.