CVE-2023-33854 | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak… | CVSS 5.3 MEDIUM

Description

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.

Metadata

CVE ID: CVE-2023-33854
State: PUBLISHED
Assigner: ibm
Reserved: 2023-05-23 00:32 UTC
Published: 2026-06-22 14:31 UTC
Last updated: 2026-06-22 14:31 UTC
Primary CWE: CWE-294
CWE-294 Authentication Bypass by Capture-replay
Vendor / Product: IBM / Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
IBM	Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data	—	4.8.0 ≤ 1.8.4, 5.0.0 ≤ 5.3.0

Weakness (CWE)

CWE	Source	Description
CWE-294	cna	CWE-294 Authentication Bypass by Capture-replay

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References (1)

https://www.ibm.com/support/pages/node/7277112