IBM DB2 10.5/11.1 /11.5 JAR File

Summaryinfo

A vulnerability classified as problematic has been found in IBM DB2 10.5/11.1 /11.5. The affected element is an unknown function of the component JAR File Handler. This manipulation causes an unknown weakness. The identification of this vulnerability is CVE-2023-27859. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in IBM DB2 10.5/11.1 /11.5 (Database Software). It has been declared as problematic. Affected by this vulnerability is some unknown processing of the component JAR File Handler. As an impact it is known to affect integrity. The summary by CVE is:

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

The weakness was shared 01/22/2024. It is possible to read the advisory at ibm.com. This vulnerability is known as CVE-2023-27859 since 03/06/2023. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/22/2024).

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (249205). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Database Software

Vendor

• IBM

Name

• DB2

Version

• 10.5
• 11.1
• 11.5

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion