- 156/2023
- High
IBM has released security updates to fix multiple vulnerabilities in IBM Db2 versions (10.5.0.11, 11.1.4.7, 11.5.x), and IBM Db2 JDBC drivers.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service attack on the affected product.
Sample of the addressed vulnerabilities:
1. IBM Db2 Denial of Service Vulnerability (CVE-2023-30445):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. IBM Db2 Code Execution Vulnerability (CVE-2023-27867):
- CVSS: 6.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2023-30443
- CVE-2023-30445
- CVE-2023-30446
- CVE-2023-30447
- CVE-2023-30448
- CVE-2023-30449
- CVE-2023-27867
- CVE-2023-27868
- CVE-2023-27869
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.