PT-2023-5225 · Ibm · Ibm Db2 Jdbc Driver

Xu Yuanzhen

Publicado

2023-07-08

Atualizado

2023-08-03

CVE-2023-27867

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows versions 10.5, 11.1, and 11.5

Description The issue is related to incorrect code generation management in the IBM DB2 JDBC driver, which could allow a remote authenticated attacker to execute arbitrary code. By sending a specially crafted request using the clientRerouteServerListJNDIName property, an attacker could exploit this to execute arbitrary code on the system.

Recommendations For versions 10.5, 11.1, and 11.5, consider disabling the use of the clientRerouteServerListJNDIName property until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

BDU:2023-05833

CVE-2023-27867

Produtos afetados

Ibm Db2 Jdbc Driver

PT-2023-5225 · Ibm · Ibm Db2 Jdbc Driver

CVE-2023-27867

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6