Severity
High
Analysis Summary
CVE-2023-30449 CVSS:7.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query.
CVE-2023-30445 CVSS:7.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query on certain tables.
CVE-2023-30443 CVSS:7.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query.
CVE-2023-30431 CVSS:8.4
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code.
Impact
- Denial of Service
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2023-30449
- CVE-2023-30445
- CVE-2023-30443
- CVE-2023-30431
Affected Vendors
IBM
Affected Products
- IBM Db2 for Linux, UNIX and Windows 10.5
- IBM Db2 for Linux, UNIX and Windows 11.1
- IBM Db2 for Linux, UNIX and Windows 11.5
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.