- 312/2023
- High
IBM has released security updates to fix multiple vulnerabilities in IBM Db2 versions 10.5.0.x, 11.1.4.x, and 11.5.x.
The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or gain elevated privileges by executing routines that they shouldn’t have access to on the vulnerable system.
Sample of the addressed vulnerabilities:
1. IBM Db2 Command Execution Vulnerability (CVE-2023-38003):
- CVSS:7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
2. IBM Db2 Denial of Service Vulnerability (CVE-2023-43020):
- CVSS:6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2023-38003
- CVE-2023-29258
- CVE-2023-45178
- CVE-2023-43020
- CVE-2023-46167
- CVE-2023-47701
- CVE-2023-40692
- CVE-2023-40687
- CVE-2023-38727
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.