CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVSS3 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

AI Score: 8.2 High (Confidence: Low)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS2 Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.001 Low (Percentile: 34.1%)

Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193, CVE-2023-50308, 268195).
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
Intelligent Operations Center (IOC) | 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4 |
Multiple vulnerabilities, with different CVEs and affecting different versions of IBM DB2 for Linux, UNIX and Windows, have been raised.
Download the correct version of the fix pack from the following links according to your currently installed DB2 version. Installation instructions for the fix are included in the document that is in the fix package.
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158)
<https://www.ibm.com/support/pages/node/7105496>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows (CVE-2023-47145)
<https://www.ibm.com/support/pages/node/7105500>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747)
<https://www.ibm.com/support/pages/node/7105502>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859)
<https://www.ibm.com/support/pages/node/7105503>
Versions Affected: 10.1, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746)
<https://www.ibm.com/support/pages/node/7105505>
Versions Affected: 10.5, 11.1, 11.5
Security Bulletin: IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. (CVE-2023-47152)
<https://www.ibm.com/support/pages/node/7105605>
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)
<https://www.ibm.com/support/pages/node/7105497>
Versions Affected: 11.5
Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure
<https://www.ibm.com/support/pages/node/7105499>
Versions Affected: 11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193)
<https://www.ibm.com/support/pages/node/7105501>
Versions Affected: 11.5
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)
<https://www.ibm.com/support/pages/node/7105506>
Versions Affected: 11.5
None