IBM Db2 code execution
CVE-2023-27859
6.5 MEDIUM
Summary
IBM Db2 versions 10.1, 10.5, and 11.1 are susceptible to a vulnerability that allows a remote user to execute arbitrary code. The issue arises from the incorrect handling of identically named jar files across different databases: an attacker can install a malicious jar file that replaces an existing jar file of the same name in another database, and thereby execute harmful commands remotely. Organizations running these Db2 versions should mitigate the risk by ensuring their systems are configured properly and that the necessary updates are applied.
Affected Version(s)
Db2 for Linux, UNIX and Windows 10.5, 11.1, 11.5
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved