April 27, 2023
Severity
High
Analysis Summary
CVE-2023-29257 CVSS:7.2
IBM Db2 for Linux, UNIX and Windows is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance.
CVE-2023-27559 CVSS:5.3
IBM Db2 for Linux, UNIX and Windows is vulnerable to a denial of service as the server may crash when using a specially crafted subquery.
CVE-2023-26286 CVSS:8.4
IBM AIX and VIOS could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands.
Impact
- Code Execution
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-29257
- CVE-2023-27559
- CVE-2023-26286
Affected Vendors
IBM
Affected Products
- IBM DB2 for Linux, UNIX and Windows 10.5
- IBM DB2 for Linux, UNIX and Windows 11.1
- IBM DB2 for Linux, UNIX and Windows 11.5
- IBM AIX 7.1
- IBM AIX 7.2
- IBM VIOS 3.1
- IBM AIX 7.3
Remediation
Refer to the IBM Security Bulletin for patch, upgrade, or suggested workaround information.