cvelistv5 - cve-2023-27869

CVE-2023-27869 (GCVE-0-2023-27869)

Vulnerability from cvelistv5

Published

2023-07-08 18:40

Modified

2025-02-13 16:45

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.

References

URL

Tags

psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/249517	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://security.netapp.com/advisory/ntap-20230803-0006/
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7010029	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/249517	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230803-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7010029	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	IBM	Db2 for Linux, UNIX and Windows	Version: 10.5, 11.1 ,11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7010029"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230803-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T19:26:15.429594Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T19:45:59.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.5, 11.1 ,11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517."
            }
          ],
          "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-03T14:06:15.306Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7010029"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230803-0006/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 code execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-27869",
    "datePublished": "2023-07-08T18:40:10.686Z",
    "dateReserved": "2023-03-06T20:01:56.636Z",
    "dateUpdated": "2025-02-13T16:45:36.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-27869\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2023-07-10T16:15:50.187\",\"lastModified\":\"2024-11-21T07:53:36.557\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"522925FD-12E1-4F2A-9036-58B630EBBA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"112E9B7F-FA07-4B44-9EAE-2CB1121EA33F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*\",\"matchCriteriaId\":\"2788AA73-3346-4454-948E-9C1556DDDEBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F480AA32-841A-4E68-9343-B2E7548B0A0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91F372EA-3A78-4703-A457-751B2C98D796\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/249517\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230803-0006/\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www.ibm.com/support/pages/node/7010029\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/249517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230803-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ibm.com/support/pages/node/7010029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7010029\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/249517\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230803-0006/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:23:30.635Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-27869\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T19:26:15.429594Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T19:45:53.793Z\"}}], \"cna\": {\"title\": \"IBM Db2 code execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IBM\", \"product\": \"Db2 for Linux, UNIX and Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5, 11.1 ,11.5\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7010029\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/249517\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230803-0006/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2023-08-03T14:06:15.306Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-27869\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:45:36.261Z\", \"dateReserved\": \"2023-03-06T20:01:56.636Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2023-07-08T18:40:10.686Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2023-58518

Vulnerability from cnvd

Title

IBM DB2代码执行漏洞（CNVD-2023-58518）

Description

IBM DB2是美国国际商业机器（IBM）公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。 IBM DB2存在代码执行漏洞，该漏洞源于未经检查的记录器注入。攻击者可利用该漏洞在系统上执行任意代码。

Severity

高

Patch Name

IBM DB2代码执行漏洞（CNVD-2023-58518）的补丁

Patch Description

IBM DB2是美国国际商业机器（IBM）公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBMi、z/OS以及Windows服务器版本。 IBM DB2存在代码执行漏洞，该漏洞源于未经检查的记录器注入。攻击者可利用该漏洞在系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/7010029

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/249517

Impacted products

Name
['IBM DB2 10.5.0.11', 'IBM DB2 11.1.4.7', 'IBM DB2 11.5.*']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-27869",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-27869"
    }
  },
  "description": "IBM DB2\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u6267\u884c\u73af\u5883\u4e3b\u8981\u6709UNIX\u3001Linux\u3001IBMi\u3001z/OS\u4ee5\u53caWindows\u670d\u52a1\u5668\u7248\u672c\u3002\n\nIBM DB2\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u7ecf\u68c0\u67e5\u7684\u8bb0\u5f55\u5668\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7010029",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-58518",
  "openTime": "2023-07-25",
  "patchDescription": "IBM DB2\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u6267\u884c\u73af\u5883\u4e3b\u8981\u6709UNIX\u3001Linux\u3001IBMi\u3001z/OS\u4ee5\u53caWindows\u670d\u52a1\u5668\u7248\u672c\u3002\r\n\r\nIBM DB2\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u7ecf\u68c0\u67e5\u7684\u8bb0\u5f55\u5668\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM DB2\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2023-58518\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM DB2 10.5.0.11",
      "IBM DB2 11.1.4.7",
      "IBM DB2 11.5.*"
    ]
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517",
  "serverity": "\u9ad8",
  "submitTime": "2023-07-12",
  "title": "IBM DB2\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2023-58518\uff09"
}

CERTFR-2024-AVI-0692

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar	Security QRadar EDR versions 3.12.x antérieures à 3.12.10
IBM	WebSphere	IBM WebSphere Application Server version 9.0 avec Java Technology Edition versions antérieures à 8 Service Refresh 8 FP30
IBM	Db2	Db2 Big SQL on Cloud Pak for Data versions 7.2.x à 7.5.x antérieures à 7.5.3
IBM	Db2	Db2 versions 11.5.x sans le dernier correctif de sécurité
IBM	AIX	AIX version 7.3 avec un version de Python 3.9 antérieure à 3.9.19.2
IBM	QRadar SIEM	QRadar Suite versions 1.10.x antérieures à 1.10.24.0
IBM	VIOS	VIOS version 4.1 avec un version de Python 3.9 antérieure à 3.9.19.2
IBM	WebSphere	IBM WebSphere Application Server versions 8.5.x antérieures à 8.5.5.11 ou sans le correctif de sécurité temporaire PH62458
IBM	Sterling Connect:Direct	Sterling Control Center versions 6.2.x antérieures à 6.2.1.0 GA iFix13
IBM	Sterling Connect:Direct	Sterling Control Center versions 6.3.x antérieures à 6.3.1.0 GA iFix02
IBM	Cognos Analytics	Cognos Dashboards on Cloud Pak for Data versions antérieures à 5.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7165247	2024-08-11	vendor-advisory
Bulletin de sécurité IBM 7165360	2024-08-13	vendor-advisory
Bulletin de sécurité IBM 7165340	2024-08-13	vendor-advisory
Bulletin de sécurité IBM 7165344	2024-08-12	vendor-advisory
Bulletin de sécurité IBM 7165423	2024-08-13	vendor-advisory
Bulletin de sécurité IBM 7165284	2024-08-12	vendor-advisory
Bulletin de sécurité IBM 7165362	2024-08-13	vendor-advisory
Bulletin de sécurité IBM 7165364	2024-08-13	vendor-advisory
Bulletin de sécurité IBM 7165363	2024-08-13	vendor-advisory
Bulletin de sécurité IBM 7165488	2024-08-14	vendor-advisory
Bulletin de sécurité IBM 7165685	2024-08-16	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.10",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server version 9.0 avec Java Technology Edition versions ant\u00e9rieures \u00e0 8 Service Refresh 8 FP30",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL on Cloud Pak for Data versions 7.2.x \u00e0 7.5.x ant\u00e9rieures \u00e0 7.5.3",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.3 avec un version de Python 3.9 ant\u00e9rieure \u00e0 3.9.19.2",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite versions 1.10.x ant\u00e9rieures \u00e0 1.10.24.0",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 avec un version de Python 3.9 ant\u00e9rieure \u00e0 3.9.19.2",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.11 ou sans le correctif de s\u00e9curit\u00e9 temporaire PH62458",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.2.x ant\u00e9rieures \u00e0 6.2.1.0 GA iFix13",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.3.x ant\u00e9rieures \u00e0 6.3.1.0 GA iFix02",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.0.0",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2024-29041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2023-23613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23613"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2024-39008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2024-22353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
    },
    {
      "name": "CVE-2023-29256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
    },
    {
      "name": "CVE-2024-21890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
    },
    {
      "name": "CVE-2024-21896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
    },
    {
      "name": "CVE-2023-30431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-25024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25024"
    },
    {
      "name": "CVE-2024-22361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2023-35012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-30443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
    },
    {
      "name": "CVE-2024-29415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
    },
    {
      "name": "CVE-2023-27869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2023-30446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-46809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2023-27868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-37168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37168"
    },
    {
      "name": "CVE-2024-28176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2022-41917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41917"
    },
    {
      "name": "CVE-2024-22019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
    },
    {
      "name": "CVE-2024-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22233"
    },
    {
      "name": "CVE-2023-30445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
    },
    {
      "name": "CVE-2023-30447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2023-30442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2024-30261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
    },
    {
      "name": "CVE-2023-27867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2024-21892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-30448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2023-27558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2023-30449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
    },
    {
      "name": "CVE-2023-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2004"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2022-36046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36046"
    },
    {
      "name": "CVE-2024-21891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2024-30260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30260"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-22017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2023-23487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2024-28799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28799"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-27267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2023-23612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23612"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "initial_release_date": "2024-08-16T00:00:00",
  "last_revision_date": "2024-08-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0692",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-08-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165247",
      "url": "https://www.ibm.com/support/pages/node/7165247"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165360",
      "url": "https://www.ibm.com/support/pages/node/7165360"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165340",
      "url": "https://www.ibm.com/support/pages/node/7165340"
    },
    {
      "published_at": "2024-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165344",
      "url": "https://www.ibm.com/support/pages/node/7165344"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165423",
      "url": "https://www.ibm.com/support/pages/node/7165423"
    },
    {
      "published_at": "2024-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165284",
      "url": "https://www.ibm.com/support/pages/node/7165284"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165362",
      "url": "https://www.ibm.com/support/pages/node/7165362"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165364",
      "url": "https://www.ibm.com/support/pages/node/7165364"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165363",
      "url": "https://www.ibm.com/support/pages/node/7165363"
    },
    {
      "published_at": "2024-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165488",
      "url": "https://www.ibm.com/support/pages/node/7165488"
    },
    {
      "published_at": "2024-08-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165685",
      "url": "https://www.ibm.com/support/pages/node/7165685"
    }
  ]
}

CERTFR-2023-AVI-0839

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Order Management versions 10.0.x antérieures à 10.0.2309.0
IBM	N/A	IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3
IBM	Db2	IBM Db2 versions 10.5.0.x sans les derniers correctifs de sécurité
IBM	Db2	IBM Db2 versions 11.1.4.x sans les derniers correctifs de sécurité
IBM	Db2	IBM Db2 REST versions 1.0.0.121-amd64 à 1.0.0.276-amd64 antérieures à 1.0.0.291-amd64
IBM	N/A	IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3
IBM	Db2	IBM Db2 versions 11.5.x sans les derniers correctifs de sécurité
IBM	QRadar	IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 UP6
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7047565 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049129 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047481 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049434 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047499 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047754 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049133 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047724 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049435 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Order Management versions 10.0.x ant\u00e9rieures \u00e0 10.0.2309.0",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.4.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 REST versions 1.0.0.121-amd64 \u00e0 1.0.0.276-amd64 ant\u00e9rieures \u00e0 1.0.0.291-amd64",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2023-32697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
    },
    {
      "name": "CVE-2023-30991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2020-13956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
    },
    {
      "name": "CVE-2023-29256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2023-30431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2022-25147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2023-35012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
    },
    {
      "name": "CVE-2023-30443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2023-27869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2023-32342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2023-30446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-29007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29007"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2023-27868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2023-20867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
    },
    {
      "name": "CVE-2023-28709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2023-30445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2023-30447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
    },
    {
      "name": "CVE-2023-30442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2023-30441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2023-27867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
    },
    {
      "name": "CVE-2023-34396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2023-39976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2020-28491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-30448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2022-48339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
    },
    {
      "name": "CVE-2023-27558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2023-34981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34981"
    },
    {
      "name": "CVE-2023-30449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-30994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30994"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-25652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25652"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-23487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-40367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40367"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-26048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2023-34149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2023-10-13T00:00:00",
  "last_revision_date": "2023-10-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0839",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047565 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047565"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049129 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047481 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047481"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049434 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049434"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047499 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047499"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047754 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047754"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049133 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047724 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047724"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049435 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049435"
    }
  ]
}

fkie_cve-2023-27869

Vulnerability from fkie_nvd

Published

2023-07-10 16:15

Modified

2024-11-21 07:53

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/249517	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://security.netapp.com/advisory/ntap-20230803-0006/
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7010029	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/249517	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230803-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7010029	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	db2	10.5.0.11
ibm	db2	11.1.4.7
ibm	db2	11.5
hp	hp-ux	-
ibm	aix	-
linux	linux_kernel	-
microsoft	windows	-
oracle	solaris	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*",
              "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517."
    }
  ],
  "id": "CVE-2023-27869",
  "lastModified": "2024-11-21T07:53:36.557",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-10T16:15:50.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://security.netapp.com/advisory/ntap-20230803-0006/"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7010029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230803-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7010029"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2023-1693

Vulnerability from csaf_certbund

Published

2023-07-09 22:00

Modified

2024-08-11 22:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1693 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1693.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1693 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1693"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010567 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010567"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010571 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010571"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010029 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010029"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010573 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010573"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010565 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010565"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010561 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010561"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010557 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010557"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7015281 vom 2023-07-28",
        "url": "https://www.ibm.com/support/pages/node/7015281"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7012409 vom 2023-08-03",
        "url": "https://www.ibm.com/support/pages/node/7012409"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7029359 vom 2023-09-08",
        "url": "https://www.ibm.com/support/pages/node/7029359"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7165247 vom 2024-08-11",
        "url": "https://www.ibm.com/support/pages/node/7165247"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-08-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:04.264+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1693",
      "initial_release_date": "2023-07-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-07-27T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-08-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-08-11T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Big SQL",
                "product": {
                  "name": "IBM DB2 Big SQL",
                  "product_id": "T022379",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:big_sql"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.5.0.11",
                "product": {
                  "name": "IBM DB2 \u003c10.5.0.11",
                  "product_id": "T028464"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.1.4.7",
                "product": {
                  "name": "IBM DB2 \u003c11.1.4.7",
                  "product_id": "T028465"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.5.x",
                "product": {
                  "name": "IBM DB2 \u003c11.5.x",
                  "product_id": "T028466"
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "category": "product_name",
            "name": "IBM License Metric Tool",
            "product": {
              "name": "IBM License Metric Tool",
              "product_id": "T029071",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:license_metric_tool:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Security Identity Manager",
            "product": {
              "name": "IBM Security Identity Manager",
              "product_id": "T023840",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:security_identity_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23487",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-23487"
    },
    {
      "cve": "CVE-2023-27558",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27558"
    },
    {
      "cve": "CVE-2023-27867",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27867"
    },
    {
      "cve": "CVE-2023-27868",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27868"
    },
    {
      "cve": "CVE-2023-27869",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27869"
    },
    {
      "cve": "CVE-2023-29256",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-29256"
    },
    {
      "cve": "CVE-2023-30431",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30431"
    },
    {
      "cve": "CVE-2023-30442",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30442"
    },
    {
      "cve": "CVE-2023-30443",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30443"
    },
    {
      "cve": "CVE-2023-30445",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30445"
    },
    {
      "cve": "CVE-2023-30446",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30446"
    },
    {
      "cve": "CVE-2023-30447",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30447"
    },
    {
      "cve": "CVE-2023-30448",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30448"
    },
    {
      "cve": "CVE-2023-30449",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30449"
    }
  ]
}

wid-sec-w-2023-1693

Vulnerability from csaf_certbund

Published

2023-07-09 22:00

Modified

2024-08-11 22:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1693 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1693.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1693 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1693"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010567 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010567"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010571 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010571"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010029 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010029"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010573 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010573"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010565 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010565"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010561 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010561"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 7010557 vom 2023-07-09",
        "url": "https://www.ibm.com/support/pages/node/7010557"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7015281 vom 2023-07-28",
        "url": "https://www.ibm.com/support/pages/node/7015281"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7012409 vom 2023-08-03",
        "url": "https://www.ibm.com/support/pages/node/7012409"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7029359 vom 2023-09-08",
        "url": "https://www.ibm.com/support/pages/node/7029359"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7165247 vom 2024-08-11",
        "url": "https://www.ibm.com/support/pages/node/7165247"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-08-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:04.264+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1693",
      "initial_release_date": "2023-07-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-07-27T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-08-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-08-11T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Big SQL",
                "product": {
                  "name": "IBM DB2 Big SQL",
                  "product_id": "T022379",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:big_sql"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.5.0.11",
                "product": {
                  "name": "IBM DB2 \u003c10.5.0.11",
                  "product_id": "T028464"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.1.4.7",
                "product": {
                  "name": "IBM DB2 \u003c11.1.4.7",
                  "product_id": "T028465"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.5.x",
                "product": {
                  "name": "IBM DB2 \u003c11.5.x",
                  "product_id": "T028466"
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "category": "product_name",
            "name": "IBM License Metric Tool",
            "product": {
              "name": "IBM License Metric Tool",
              "product_id": "T029071",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:license_metric_tool:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Security Identity Manager",
            "product": {
              "name": "IBM Security Identity Manager",
              "product_id": "T023840",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:security_identity_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-23487",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-23487"
    },
    {
      "cve": "CVE-2023-27558",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27558"
    },
    {
      "cve": "CVE-2023-27867",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27867"
    },
    {
      "cve": "CVE-2023-27868",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27868"
    },
    {
      "cve": "CVE-2023-27869",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-27869"
    },
    {
      "cve": "CVE-2023-29256",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-29256"
    },
    {
      "cve": "CVE-2023-30431",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30431"
    },
    {
      "cve": "CVE-2023-30442",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30442"
    },
    {
      "cve": "CVE-2023-30443",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30443"
    },
    {
      "cve": "CVE-2023-30445",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30445"
    },
    {
      "cve": "CVE-2023-30446",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30446"
    },
    {
      "cve": "CVE-2023-30447",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30447"
    },
    {
      "cve": "CVE-2023-30448",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30448"
    },
    {
      "cve": "CVE-2023-30449",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen. Diese sind unter anderem auf unquoted paths, Fehler bei der \u00dcberpr\u00fcfung von Klassen, Fehler in der Berechtitungsverwaltung, Fehler bei der Ber\u00fccksichtigung von Speichergrenzen sowie Fehler bei der Verarbeitung von Inhalten zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022379",
          "T029071",
          "T023840"
        ]
      },
      "release_date": "2023-07-09T22:00:00.000+00:00",
      "title": "CVE-2023-30449"
    }
  ]
}

gsd-2023-27869

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-27869

Aliases

CVE-2023-27869

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-27869",
    "id": "GSD-2023-27869"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-27869"
      ],
      "details": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517.",
      "id": "GSD-2023-27869",
      "modified": "2023-12-13T01:20:55.881689Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2023-27869",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Db2 for Linux, UNIX and Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "10.5, 11.1 ,11.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/7010029",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/7010029"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230803-0006/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20230803-0006/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2023-27869"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517",
              "refsource": "MISC",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/7010029",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7010029"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230803-0006/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230803-0006/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-03T15:15Z",
      "publishedDate": "2023-07-10T16:15Z"
    }
  }
}

ghsa-j8xr-8hjf-7jp2

Vulnerability from github

Published

2023-07-10 18:30

Modified

2024-04-04 05:52

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-27869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-10T16:15:50Z",
    "severity": "HIGH"
  },
  "details": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  249517.",
  "id": "GHSA-j8xr-8hjf-7jp2",
  "modified": "2024-04-04T05:52:00Z",
  "published": "2023-07-10T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27869"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230803-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7010029"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-27869 (GCVE-0-2023-27869)

Vulnerability from cvelistv5

Vulnerability from cnvd

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solution

Vulnerability from fkie_nvd

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from gsd

Vulnerability from github

Tags

Sightings

Nomenclature