How severe is CVE-2021-29678?

High severity. CVSS v3 base score is 8.7 out of 10.

Vulnerability in Ibm Db2 For Linux, Unix And Windows

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

EPSS: 0.002 (42.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.0/C:H/PR:H/S:C/AV:N/I:H/AC:L/UI:N/A:N/RC:C/E:U/RL:O.

Affected products

Ibm Db2 For Linux, Unix And Windows — versions 10.5, 10.1, 9.7

References

www.ibm.com/support/pages/node/6523806 (x_refsource_CONFIRM)
ibm-db2-cve202129678-access-control (199914) (vdb-entry, x_refsource_XF)
security.netapp.com/advisory/ntap-20220114-0002/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-29678?: CVE-2021-29678 is a high-severity vulnerability in Ibm Db2 For Linux, Unix And Windows. CVSS score: 8.7/10. Published 2021-12-09.
How severe is CVE-2021-29678?: High severity. CVSS v3 base score is 8.7 out of 10.