Rewterz Threat Alert – RedLine Stealer – Active IOCs
December 4, 2023Rewterz Threat Advisory – Multiple Zyxel NAS326 and NAS542 Vulnerabilities
December 4, 2023Rewterz Threat Alert – RedLine Stealer – Active IOCs
December 4, 2023Rewterz Threat Advisory – Multiple Zyxel NAS326 and NAS542 Vulnerabilities
December 4, 2023Severity
Medium
Analysis Summary
CVE-2023-47701 CVSS:5.3
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query.
CVE-2023-46167 CVSS:5.9
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.
CVE-2023-45178 CVSS:6.5
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used.
CVE-2023-43020 CVSS:6.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
CVE-2023-40687 CVSS:5.3
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.
CVE-2023-40692 CVSS:5.9
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions.
CVE-2023-38727 CVSS:5.3
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.
CVE-2023-38003 CVSS:7.2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to.
CVE-2023-29258 CVSS:5.9
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.
Impact
- Denial of Service
- Gain Privileges
Indicators Of Compromise
CVE
- CVE-2023-47701
- CVE-2023-46167
- CVE-2023-45178
- CVE-2023-43020
- CVE-2023-40687
- CVE-2023-40692
- CVE-2023-38727
- CVE-2023-38003
- CVE-2023-29258
Affected Vendors
IBM
Affected Products
- IBM DB2 for Linux
- UNIX and Windows 10.5
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.