CVE-2021-20373

moderate-risk
Published 2021-12-09

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (5)

Db2
Db2
Db2
Db2
Db2

Affected Vendors

Ibm

References (6)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/195521
Third Party Advisory https://security.netapp.com/advisory/ntap-20220225-0005/
Patch https://www.ibm.com/support/pages/node/6523804
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/195521
Third Party Advisory https://security.netapp.com/advisory/ntap-20220225-0005/
Patch https://www.ibm.com/support/pages/node/6523804
39
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 12/34 · Low