First published: Fri Jul 07 2023
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Db2 | =10.5.0.11 | |
IBM Db2 | =11.1.4.7 | |
IBM IBM® Db2® | =11.5 | |
Microsoft Windows | | |
| <=10.5.0.11 | |
| <=11.1.4.7 | |
| <=11.5.x | |
The vulnerability ID of this IBM Db2 vulnerability is CVE-2023-27558.
CVE-2023-27558 has a severity rating of 8.4, which is considered high.
The affected software versions for CVE-2023-27558 are IBM Db2 on Windows 10.5, 11.1, and 11.5.
This vulnerability exists because at least one installed service in IBM Db2 on Windows uses an unquoted service path.
A local attacker can exploit this vulnerability to gain elevated privileges on the affected system.
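An audit for the condition this advisory describes, as an added example (not IBM's or this page's code): it lists Windows services whose executable path contains a space and is not wrapped in quotes. The function name and the sample paths are assumptions constructed for illustration, not actual Db2 service paths.

```powershell
# Added example: audit for unquoted service paths, the condition behind CVE-2023-27558.
# Test-UnquotedServicePath is a hypothetical helper name, not part of any product.
function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that starts with a double quote is already unambiguous.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion: everything up to the first ".exe"
    # that is followed by whitespace (arguments) or the end of the string.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }

    # Unquoted and containing a space: Windows has to guess where the
    # executable name ends, which is what makes the path unsafe.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values (not real Db2 paths) to show how input is classified.
$samples = @(
    'C:\Program Files\Example Vendor\svc.exe -run',     # unquoted, space in directory name
    '"C:\Program Files\Example Vendor\svc.exe" -run',   # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'        # unquoted, no space in the path
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit of the local machine. StartName shows the account each
# flagged service runs as, which indicates what a hit would expose.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

Run it on a host with Db2 installed and review any flagged service whose path falls under the Db2 installation directory.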