What is CVE-2023-33854?

CVE-2023-33854 is a medium-severity vulnerability in Ibm Db2 On Cloud Pak For Data And Warehouse, classified under Authentication Bypass by Capture-replay. CVSS score: 5.3/10. Published 2026-06-22.

How severe is CVE-2023-33854?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Ibm Db2 On Cloud Pak For Data And Warehouse

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Ibm Db2 On Cloud Pak For Data And Warehouse — versions 4.8.0, 5.0.0

Weakness classification (CWE)

CWE-294 — Authentication Bypass by Capture-replay

References

psirt@us.ibm.com (vendor-advisory, patch)

Frequently asked questions

What is CVE-2023-33854?: CVE-2023-33854 is a medium-severity vulnerability in Ibm Db2 On Cloud Pak For Data And Warehouse, classified under Authentication Bypass by Capture-replay. CVSS score: 5.3/10. Published 2026-06-22.
How severe is CVE-2023-33854?: Medium severity. CVSS v3 base score is 5.3 out of 10.