CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/273393	VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0001/
https://www.ibm.com/support/pages/node/7105506	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/273393	VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0001/
https://www.ibm.com/support/pages/node/7105506	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2024-01-22 19:15

Updated : 2024-11-21 08:36

NVD link : CVE-2023-50308

Mitre link : CVE-2023-50308

CVE.ORG link : CVE-2023-50308

JSON object : View

Products Affected

ibm

linux_on_ibm_z
db2
aix

linux

linux_kernel

microsoft

windows

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2023-50308", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-01-22T19:15:09.003", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0001/", "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7105506", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273393", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0001/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7105506", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393."}, {"lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 11.5 bajo ciertas circunstancias podr\u00eda permitir que un usuario autenticado en la base de datos provoque una denegaci\u00f3n de servicio cuando se ejecuta una declaraci\u00f3n en tablas de columnas. ID de IBM X-Force: 273393."}], "lastModified": "2024-11-21T08:36:50.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C382D744-D189-4F7D-B896-52C1B87F8C06", "versionEndExcluding": "11.5.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}