cve-2023-27859
Vulnerability from cvelistv5
Published
2024-01-22 20:02
Modified
2024-08-02 12:23
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Db2 code execution
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/249205VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20240307-0002/
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7105503Patch, Vendor Advisory
Impacted products
IBMDb2 for Linux, UNIX and Windows
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7105503"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240307-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.5, 11.1 ,11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases.  A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database.  IBM X-Force ID:  249205."
            }
          ],
          "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases.  A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database.  IBM X-Force ID:  249205."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-22T20:02:02.789Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7105503"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240307-0002/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 code execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-27859",
    "datePublished": "2024-01-22T20:02:02.789Z",
    "dateReserved": "2023-03-06T20:01:41.707Z",
    "dateUpdated": "2024-08-02T12:23:30.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-27859\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-01-22T20:15:46.550\",\"lastModified\":\"2024-03-07T17:15:09.753\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases.  A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database.  IBM X-Force ID:  249205.\"},{\"lang\":\"es\",\"value\":\"IBM Db2 10.1, 10.5 y 11.1 podr\u00eda permitir que un usuario remoto ejecute c\u00f3digo arbitrario causado por la instalaci\u00f3n de archivos jar con nombres similares en m\u00faltiples bases de datos. Un usuario podr\u00eda aprovechar esto instalando un archivo jar malicioso que sobrescriba el archivo jar existente con el mismo nombre en otra base de datos. ID de IBM X-Force: 249205.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5.0.0\",\"versionEndIncluding\":\"10.5.0.11\",\"matchCriteriaId\":\"C23E4D44-3305-407B-92C5-8190434A59DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0.0\",\"versionEndIncluding\":\"11.1.4.7\",\"matchCriteriaId\":\"FE8F88DC-637C-4F04-AE84-1BD0343FD8F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5\",\"versionEndIncluding\":\"11.5.9\",\"matchCriteriaId\":\"760B31B3-509C-49E4-BB2C-B48E33782141\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F480AA32-841A-4E68-9343-B2E7548B0A0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B955E472-47E3-4C32-847B-F6BB05594BA3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91F372EA-3A78-4703-A457-751B2C98D796\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/249205\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240307-0002/\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www.ibm.com/support/pages/node/7105503\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.