CVE-2023-27859

Sažetak

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/249205
https://security.netapp.com/advisory/ntap-20240307-0002/
https://www.ibm.com/support/pages/node/7105503
https://exchange.xforce.ibmcloud.com/vulnerabilities/249205
https://security.netapp.com/advisory/ntap-20240307-0002/
https://www.ibm.com/support/pages/node/7105503

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

20-06-2025 - 19:15

Objavljeno

22-01-2024 - 20:15