6.5

CVE-2023-27859

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases.  A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database.  IBM X-Force ID:  249205.

Data is provided by the National Vulnerability Database (NVD)
IbmDb2 Version >= 10.5.0.0 <= 10.5.0.11
   HpHp-ux Version-
   IbmAix Version-
   IbmLinux On Ibm Z Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version-
IbmDb2 Version >= 11.1.0.0 <= 11.1.4.7
   HpHp-ux Version-
   IbmAix Version-
   IbmLinux On Ibm Z Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version-
IbmDb2 Version >= 11.5 <= 11.5.9
   HpHp-ux Version-
   IbmAix Version-
   IbmLinux On Ibm Z Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.299
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
psirt@us.ibm.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.