VDB
CVE-2023-35012
CVE-2023-35012
PUBLISHED
Es existiert eine Schwachstelle in IBM DB2. Diese besteht aufgrund der Anfälligkeit für einen stapelbasierten Pufferüberlauf. Ein lokaler Angreifer mit bestimmten Berechtigungen kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen.
EPSS 0.03% · 9.6th percentile
Risk Scores
EPSS Score
0.03%
9.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Security Identity Manager | |
| IBM | IBM DB2 V11.5 | |
| IBM | IBM DB2 Big SQL |
Exploit Intelligence
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
Timeline
- Jul 10, 2023 CVE Published
- Jul 17, 2023 EPSS Score
- Aug 20, 2023 EPSS Score
- Sep 24, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Dec 2, 2023 EPSS Score
- Jan 5, 2024 EPSS Score
- Feb 8, 2024 EPSS Score
- Feb 8, 2024 PoC Published
- Mar 14, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 22, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1700.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1700 advisory
- https://www.ibm.com/support/pages/node/7010747 advisory
- https://www.ibm.com/support/pages/node/7015281 advisory
- https://www.ibm.com/support/pages/node/7165247 advisory