Rewterz Threat Advisory – Multiple IBM Db2 Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-47701 CVSS:5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.

CVE-2023-46167 CVSS:5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.

CVE-2023-45178 CVSS:6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used.

CVE-2023-43020 CVSS:6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

CVE-2023-40687 CVSS:5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.

CVE-2023-40692 CVSS:5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service under extreme stress conditions.

CVE-2023-38727 CVSS:5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.

CVE-2023-38003 CVSS:7.2

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to.

CVE-2023-29258 CVSS:5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.

Impact

  • Denial of Service
  • Gain Privileges

Indicators Of Compromise

CVE

  • CVE-2023-47701
  • CVE-2023-46167
  • CVE-2023-45178
  • CVE-2023-43020
  • CVE-2023-40687
  • CVE-2023-40692
  • CVE-2023-38727
  • CVE-2023-38003
  • CVE-2023-29258

Affected Vendors

IBM

Affected Products

  • IBM Db2 for Linux, UNIX and Windows 10.5

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2023-47701

CVE-2023-46167

CVE-2023-45178

CVE-2023-43020

CVE-2023-40687

CVE-2023-40692

CVE-2023-38727

CVE-2023-38003

CVE-2023-29258
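
Two of the issues above depend on database-level authorities: CVE-2023-47701 requires CONNECT and CVE-2023-38003 requires DATAACCESS. The following query is an added example, not part of the original advisory or IBM's guidance; it lists who currently holds either authority so that unnecessary grants can be reviewed. It assumes the standard SYSCAT.DBAUTH catalog view and is run once per database.

```sql
-- Added example: exposure review for CVE-2023-47701 (CONNECT) and
-- CVE-2023-38003 (DATAACCESS). Run against each affected database
-- as a user who can read the SYSCAT catalog views.
-- SYSCAT.DBAUTH holds one row per grantee of database-level authorities.
SELECT
    GRANTEE,
    CASE GRANTEETYPE
        WHEN 'U' THEN 'user'
        WHEN 'G' THEN 'group'
        WHEN 'R' THEN 'role'
        ELSE GRANTEETYPE
    END AS GRANTEE_KIND,
    GRANTOR,
    CONNECTAUTH,
    DATAACCESSAUTH,
    DBADMAUTH,
    CASE
        -- DATAACCESS is the precondition named for CVE-2023-38003
        WHEN DATAACCESSAUTH = 'Y'
            THEN 'review: holds DATAACCESS (CVE-2023-38003 precondition)'
        -- CONNECT granted to PUBLIC means every authenticated user qualifies
        WHEN GRANTEE = 'PUBLIC'
            THEN 'review: CONNECT granted to PUBLIC (CVE-2023-47701 precondition)'
        ELSE 'holds CONNECT (CVE-2023-47701 precondition)'
    END AS NOTE
FROM SYSCAT.DBAUTH
WHERE CONNECTAUTH = 'Y'
   OR DATAACCESSAUTH = 'Y'
ORDER BY DATAACCESSAUTH DESC, GRANTEE_KIND, GRANTEE;
```

Rows for groups and roles cover every member, so resolve their membership before concluding that a grant is narrow.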