CVE-2021-29678

moderate-risk

Published 2021-12-09

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.7/10 High

NETWORK / LOW complexity

Affected Products (6)

Db2

Oncommand Insight

Affected Vendors

Ibm Netapp

References (6)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/199914

Third Party Advisory https://security.netapp.com/advisory/ntap-20220114-0002/

Vendor Advisory https://www.ibm.com/support/pages/node/6523806

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/199914

Third Party Advisory https://security.netapp.com/advisory/ntap-20220114-0002/

Vendor Advisory https://www.ibm.com/support/pages/node/6523806

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 13/34 · Low