CVE-2023-33854

Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

Assigner: ibm
Reserved: 23.05.2023 Published: 22.06.2026 Updated: 22.06.2026

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
Versions	affected from 4.8.0 to 1.8.4 (incl.) affected from 5.0.0 to 5.3.0 (incl.)

Vendor

IBM

Product

Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

Versions

affected from 4.8.0 to 1.8.4 (incl.)
affected from 5.0.0 to 5.3.0 (incl.)

Solutions

IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.

ProductFixed in Fix Pack

Instructions

IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

v5.4

Db2 Warehouse: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading

Db2: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading

References

Problem Types