CVE-2023-27859

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 10.1 through 11.1

Description The issue allows a remote user to execute arbitrary code caused by installing like-named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database.

Recommendations For IBM Db2 versions 10.1 through 11.1, consider restricting access to jar file installations across multiple databases to minimize the risk of exploitation. As a temporary workaround, consider disabling the installation of jar files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.