Vulnerabilities > CVE-2024-31870 - Information Exposure Through Discrepancy vulnerability in IBM I

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-203

NVD

Published: 2024-06-15

Updated: 2024-08-01

Summary

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM I 7.3 IBM I 7.4 IBM I 7.5 IBM I 7.2	4

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.ibm.com/support/pages/node/7157638
https://exchange.xforce.ibmcloud.com/vulnerabilities/287174