CVE-2023-27558

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 10.5 through 11.5

Description The issue is related to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this to gain elevated privileges by inserting an executable file in the path of the affected service.

Recommendations For IBM Db2 versions 10.5 through 11.5, consider quoting the service path of the affected service to prevent exploitation. As a temporary workaround, restrict access to the service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.