CVE-2023-27859
published 2024-01-22CVE-2023-27859: IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | db2 | 10.5.0.0 – 10.5.0.11 | — |
| ibm | db2 | 11.1.0.0 – 11.1.4.7 | — |
| ibm | db2 | 11.5 – 11.5.9 | — |