CVE-2023-33854
Awaiting Analysis
Awaiting Analysis - Queue
IBM Db2 Cloud Pak Data Man-in-the-Middle Bypass
Publication date: 2026-06-22
Last updated on: 2026-06-22
Assigner: IBM Corporation
Description
Description
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2_on_cloud_pak_for_data | From 4.8 (inc) to 5.3 (inc) |
| ibm | db2_warehouse_on_cloud_pak_for_data | From 4.8 (inc) to 5.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
