Main Vulnerability Database Vulnerabilities #VU81945

Permissions, Privileges, and Access Controls in IBM DB2 - CVE-2023-27558

Published: October 12, 2023

Vulnerability identifier: #VU81945

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-27558

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
IBM DB2

Software vendor:
IBM Corporation

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local attacker can exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7010571
https://exchange.xforce.ibmcloud.com/vulnerabilities/249194
https://security.netapp.com/advisory/ntap-20230818-0017/

Permissions, Privileges, and Access Controls in IBM DB2 - CVE-2023-27558

Description

Remediation

External links

Please verify you're human