CVE-2023-27859 — Uncontrolled Search Path Element in IBM DB2

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 78.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedJan 22

Description

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/db210.5.0.0 — 10.5.0.11+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-xpvh-pm8h-2p8g: IBM Db2 10↗2024-01-22

▶

CVEList

IBM Db2 code execution↗2024-01-22

▶