CVE Published: 26/04/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: ibm |
Vendor: IBM |
Product: Db2 for Linux, UNIX and Windows Status : PUBLISHED
CVE-2023-29257 Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.
Metrics
CVSS Version: 3.1 |
Base Score: 7.2 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H