IBM Db2 on Cloud Pak for Data <=5.3: Authenticated MITM bypass of client-side validation
CVE-2023-33854 Published on June 22, 2026
Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man-in-the-middle techniques.
Vulnerability Analysis
CVE-2023-33854 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
Products Associated with CVE-2023-33854
- IBM Db2 On Cloud Pak For Data
- IBM Db2 Warehouse On Cloud Pak Data
Affected Versions
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data:
- Version 4.8.0, <= 1.8.4 is affected.
- Version 5.0.0, <= 5.3.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.