What is the severity of CVE-2023-47747?

CVE-2023-47747 has a notable severity as it can lead to a denial of service.

Who is affected by CVE-2023-47747?

CVE-2023-47747 affects IBM DB2 for Linux, UNIX and Windows versions 10.1, 10.5, and 11.1.

How do I fix CVE-2023-47747?

To fix CVE-2023-47747, apply the latest patches provided by IBM for the affected versions of DB2.

Can an unauthenticated user exploit CVE-2023-47747?

No, CVE-2023-47747 requires an authenticated user with CONNECT privileges to exploit.

What kind of attack does CVE-2023-47747 enable?

CVE-2023-47747 enables a denial of service attack via specially crafted queries.

Vulnerability/
CVE-2023-47747

medium

6.5

CWE

8/1/2024

22/1/2024

20/2/2025

CVE-2023-47747: IBM Db2 denial of service

First published: Mon Jan 08 2024(Updated: )

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
All of
Any of
IBM Db2	>=10.5.0.0<=10.5.0.11
IBM Db2	>=11.1.0.0<=11.1.4.7
IBM Db2	>=11.5<=11.5.9
Any of
HPE HP-UX
IBM AIX
IBM Linux on IBM z
Linux Kernel
Microsoft Windows
Oracle Solaris SPARC
IBM Data Virtualization on Cloud Pak for Data	<=3.0
IBM Watson Query on Cloud Pak for Data	<=2.2
IBM Watson Query on Cloud Pak for Data	<=2.1
IBM Watson Query on Cloud Pak for Data	<=2.0
IBM Data Virtualization on Cloud Pak for Data	<=1.8
IBM Data Virtualization on Cloud Pak for Data	<=1.7

Remedy

https://www.ibm.com/support/pages/node/7105502

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183851

Frequently Asked Questions

What is the severity of CVE-2023-47747?
CVE-2023-47747 has a notable severity as it can lead to a denial of service.
Who is affected by CVE-2023-47747?
CVE-2023-47747 affects IBM DB2 for Linux, UNIX and Windows versions 10.1, 10.5, and 11.1.
How do I fix CVE-2023-47747?
To fix CVE-2023-47747, apply the latest patches provided by IBM for the affected versions of DB2.
Can an unauthenticated user exploit CVE-2023-47747?
No, CVE-2023-47747 requires an authenticated user with CONNECT privileges to exploit.
What kind of attack does CVE-2023-47747 enable?
CVE-2023-47747 enables a denial of service attack via specially crafted queries.

agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/author
agent/remedy
collector/mitre-cve
source/MITRE
agent/trending
agent/source
agent/last-modified-date
agent/severity
agent/references
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/ibm-support
source/IBM
vendor/ibm
canonical/ibm db2
version/ibm db2/10.5.0.0
version/ibm db2/10.5.0.11
version/ibm db2/11.1.0.0
version/ibm db2/11.1.4.7
version/ibm db2/11.5
version/ibm db2/11.5.9
vendor/hp
canonical/hpe hp-ux
canonical/ibm aix
canonical/ibm linux on ibm z
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows
vendor/oracle
canonical/oracle solaris sparc
canonical/ibm data virtualization on cloud pak for data
version/ibm data virtualization on cloud pak for data/3.0
canonical/ibm watson query on cloud pak for data
version/ibm watson query on cloud pak for data/2.2
version/ibm watson query on cloud pak for data/2.1
version/ibm watson query on cloud pak for data/2.0
version/ibm data virtualization on cloud pak for data/1.8
version/ibm data virtualization on cloud pak for data/1.7