IBM Db2 versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 for Linux, UNIX, and Windows, including DB2 Connect Server, store potentially sensitive information in log files. This vulnerability is classified under CWE-532, which concerns the insertion of sensitive information into log files. The vulnerability allows local users with access to the system to read sensitive data from these logs. The CVSS 3.1 base score is 5.5, reflecting a medium severity with local attack vector, low attack complexity, and low privileges required. No official remediation or patch information is currently provided.

The vulnerability could lead to unauthorized disclosure of sensitive information to local users who have access to the log files. This exposure could compromise confidentiality but does not affect integrity or availability. There are no known exploits in the wild, and the impact is limited to local users with access to the affected system's logs.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor IBM's advisories for updates. Until a patch is available, restrict local access to log files to trusted users only and consider reviewing logging configurations to minimize sensitive data exposure.