CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
57.2%
IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed.
CVEID:CVE-2023-39323
**DESCRIPTION:**Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the “//go:cgo_” directives. By providing specially crafted input in the linker and compiler flags, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268524 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Db2 Rest |
1.0.0.121-amd64 to 1.0.0.291-amd64
IBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM® Db2® REST release containing the fix for these issues.
Product(s) | Fixed in Version(s) |
---|---|
Db2 REST |
1.0.0.1158-amd64
latest-amd64
Follow the instructions below to download IBM Db2 REST from the IBM Cloud Container Registry.
<https://www.ibm.com/docs/en/db2/11.5?topic=endpoints-downloading-rest-service>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | db2_for_linux\,_unix_and_windows | 11.5.8.0 | cpe:2.3:a:ibm:db2_for_linux\,_unix_and_windows:11.5.8.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
57.2%