PT-2023-7699 · Ibm · Ibm Db2
Published
2023-12-01
·
Updated
2024-01-19
·
CVE-2023-38727
CVSS v2.0
9.4
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5
Description
The issue exists due to insufficient input validation in the system, allowing a remote attacker to cause a denial of service with a specially crafted SQL statement.
Recommendations
For versions 10.5, 11.1, and 11.5, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of specially crafted SQL statements until a patch is available.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2