Lucene search
HistoryDec 04, 2023 - 1:15 a.m.
CVE-2023-38003
ibm db2
privilege escalation
vulnerability
linux
unix
windows
dataaccess
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
24.9%
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
Affected configurations
Node
ibmdb2Match10.5linux
ORibmdb2Match10.5unix
ORibmdb2Match10.5windows
ORibmdb2Match11.1linux
ORibmdb2Match11.1unix
ORibmdb2Match11.1windows
ORibmdb2Match11.5linux
ORibmdb2Match11.5unix
ORibmdb2Match11.5windows
Related
cve
cve
CVE-2023-38003
2023-12-04 01:15:08
prion
prion
Code injection
2023-12-04 01:15:00
cvelist
cvelist
CVE-2023-38003 IBM Db2 command execution
2023-12-04 00:12:37
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
24.9%
Related for NVD:CVE-2023-38003