CVE-2023-27859

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27859
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0002/
https://www.ibm.com/support/pages/node/7105503 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
History

07 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240307-0002/ -

25 Jan 2024, 02:03

Type Values Removed Values Added
Summary
  • (es) IBM Db2 10.1, 10.5 y 11.1 podría permitir que un usuario remoto ejecute código arbitrario causado por la instalación de archivos jar con nombres similares en múltiples bases de datos. Un usuario podría aprovechar esto instalando un archivo jar malicioso que sobrescriba el archivo jar existente con el mismo nombre en otra base de datos. ID de IBM X-Force: 249205.
CPE cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7105503 - () https://www.ibm.com/support/pages/node/7105503 - Patch, Vendor Advisory
First Time Linux
Ibm aix
Hp hp-ux
Ibm linux On Ibm Z
Ibm
Linux linux Kernel
Hp
Microsoft
Microsoft windows
Oracle solaris
Ibm db2
Oracle

22 Jan 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-22 20:15

Updated : 2024-03-07 17:15

NVD link : CVE-2023-27859

Mitre link : CVE-2023-27859

CVE.ORG link : CVE-2023-27859

JSON object : View

Products Affected

microsoft

  • windows

ibm

  • linux_on_ibm_z
  • db2
  • aix

linux

  • linux_kernel

oracle

  • solaris

hp

  • hp-ux
CWE
NVD-CWE-noinfo