IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/249194 | VDB Entry Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230818-0017/ | |
https://www.ibm.com/support/pages/node/7010571 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
18 Aug 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2023, 18:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://www.ibm.com/support/pages/node/7010571 - Patch, Vendor Advisory | |
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/249194 - VDB Entry, Vendor Advisory | |
CWE | CWE-269 |
10 Jul 2023, 16:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-10 16:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-27558
Mitre link : CVE-2023-27558
CVE.ORG link : CVE-2023-27558
JSON object : View
Products Affected
microsoft
- windows
ibm
- db2
CWE
CWE-269
Improper Privilege Management