CVE-2023-27869

Name of the Vulnerable Software and Affected Versions IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows versions 10.5, 11.1, and 11.5

Description The issue is related to an unchecked logger injection in the IBM Db2 JDBC Driver, which could allow a remote authenticated attacker to execute arbitrary code on the system. This can be achieved by sending a specially crafted request using the traceFile property. The vulnerability is also described as being related to incorrect code generation management.

Recommendations For versions 10.5, 11.1, and 11.5, consider disabling the use of the traceFile property until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the system to minimize the risk of remote authenticated attackers exploiting this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.