Multiple vulnerabilities in IBM dashDB Local

1) Resource exhaustion

EUVDB-ID: #VU86341

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30449

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU81945

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-27558

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local attacker can exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU81944

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29256

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource exhaustion

EUVDB-ID: #VU81935

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30442

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Code Injection

EUVDB-ID: #VU86338

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-27868

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to unchecked class instantiation when providing plugin classes. A remote user can send a specially crafted request using the named pluginClassName class and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Code Injection

EUVDB-ID: #VU78916

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-27867

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote user can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Code Injection

EUVDB-ID: #VU86340

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-27869

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to unchecked logger injection. A remote user can send a specially crafted request using the named traceFile property and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU81916

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-30431

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local attacker can create a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Insufficient Logging

EUVDB-ID: #VU81946

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-23487

CWE-ID: CWE-778 - Insufficient Logging

Exploit availability: No

The vulnerability allows a remote user to modify data on the system.

The vulnerability exists due to insufficient audit logging. A remote user can trigger the vulnerability to modify data on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU86342

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30445

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted query on certain tables to trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU79803

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-39976

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in log_blackbox.c. A remote attacker can send an overly long log message tp the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource exhaustion

EUVDB-ID: #VU86345

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30448

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted query on certain tables to trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource exhaustion

EUVDB-ID: #VU86346

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-30443

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can send a specially crafted query on certain tables to trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource exhaustion

EUVDB-ID: #VU86336

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30446

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send specially crafted query on certain tables to trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource exhaustion

EUVDB-ID: #VU86337

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30447

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted query on certain tables to trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource exhaustion

EUVDB-ID: #VU88070

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-22360

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU88127

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52296

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource exhaustion

EUVDB-ID: #VU88067

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27254

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU88130

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25046

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU88129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25030

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU78917

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-35012

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote privileged user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote privileged user can send a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource exhaustion

EUVDB-ID: #VU81713

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40373

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack with a specially crafted query containing common table expressions.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information disclosure

EUVDB-ID: #VU88069

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38729

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU75262

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-21954

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Segmentation fault

EUVDB-ID: #VU83267

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5676

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. A local privileged user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU82141

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22081

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU76906

Risk: High

CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-2597

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU75265

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU75267

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21937

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU75266

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU75264

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-21939

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

32) Improper input validation

EUVDB-ID: #VU75261

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-21967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) SQL injection

EUVDB-ID: #VU82580

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-40372

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU75260

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-21930

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource exhaustion

EUVDB-ID: #VU81724

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38728

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can send a specially crafted XML query statement, trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource exhaustion

EUVDB-ID: #VU81725

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40374

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can send a specially crafted query statement, trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Observable discrepancy

EUVDB-ID: #VU82583

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-33850

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to timing-based side channel in the RSA Decryption implementation. A remote attacker can send an overly large number of trial messages for decryption and gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource exhaustion

EUVDB-ID: #VU81723

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38720

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can send a specially crafted ALTER TABLE statement, trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource exhaustion

EUVDB-ID: #VU81722

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30991

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted query to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) SQL injection

EUVDB-ID: #VU82577

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-38740

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource exhaustion

EUVDB-ID: #VU81712

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-38719

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack during database deactivation on DPF.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Resource exhaustion

EUVDB-ID: #VU82578

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-30987

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU43781

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-2677

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU85745

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-50308

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability occurs when a statement is run on columnar tables. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU87880

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8395

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles certain references. A remote attacker can cause a denial of service or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Resource exhaustion

EUVDB-ID: #VU84388

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-46167

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when a specially crafted cursor is used. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource exhaustion

EUVDB-ID: #VU84377

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-45178

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion with a specially crafted request and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource exhaustion

EUVDB-ID: #VU84376

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29258

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted federated query on specific federation objects and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU87887

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8392

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles certain instances of the (?| substring. A remote attacker can cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Integer overflow

EUVDB-ID: #VU29488

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-14155

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote attacker can pass a large number after a (?C substring, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer overflow

EUVDB-ID: #VU87890

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-2327

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles the /(((a2)|(a*)g<-1>))*/ pattern and related patterns with certain internal recursive back references. A remote attacker can cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Data Handling

EUVDB-ID: #VU87892

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-2328

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to PCRE mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion. A remote attacker can cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Integer overflow

EUVDB-ID: #VU77577

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-8394

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing the (?() and (?(R) conditions. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Information disclosure

EUVDB-ID: #VU87881

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8393

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to pcregrep in PCRE mishandles the -q option for binary files. A remote attacker can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource exhaustion

EUVDB-ID: #VU84101

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-43020

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can send a specially crafted query and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use of uninitialized resource

EUVDB-ID: #VU77578

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8390

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources when processing the [: and \ substrings in character classes. A remote attacker can pass specially crafted data to the application, trigger uninitialized usage of resources and bypass implemented security mechanisms.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU87883

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-8391

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due pcre_compile function in pcre_compile.c in PCRE mishandles certain [: nesting. A remote attacker can cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Integer overflow

EUVDB-ID: #VU87884

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8387

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles (?123) subroutine calls and related subroutine calls. A remote attacker can cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer overflow

EUVDB-ID: #VU87885

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8385

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles the /(?|(k&#039;Pm&#039;)|(?&#039;Pm&#039;))/ pattern and related patterns with certain forward references. A remote attacker can create a specially crafted Office document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Buffer overflow

EUVDB-ID: #VU87893

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-8388

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis. A remote attacker can cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Buffer overflow

EUVDB-ID: #VU77576

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-8386

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing regular expressions. A remote attacker can trigger memory corruption using a JavaScript RegExp object and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Heap-based buffer overflow

EUVDB-ID: #VU65555

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-8381

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the compile_regex() function in pcre_compile.c in PCRE when handling related patterns with certain group references. A remote attacker can use a crafted regular expression to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Buffer overflow

EUVDB-ID: #VU87878

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-8383

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to PCRE mishandles certain repeated conditional groups. A remote attacker can cause a denial of service (buffer overflow) or possibly have an unspecified other impact via a crafted regular expression.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Resource exhaustion

EUVDB-ID: #VU84389

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-47701

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted query, trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource exhaustion

EUVDB-ID: #VU85128

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-45193

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability occurs when a specially crafted cursor is used. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU79797

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-32731

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when parsing HTTP2 requests. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. This could lead to requests from the proxy being interpreted as containing headers from different proxy clients, leading to an information leak that can be used for privilege escalation or data exfiltration.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU85748

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-47141

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. An authenticated user with CONNECT privileges can pass specially crafted query to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU85759

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-47152

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions A remote attacker can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Input validation error

EUVDB-ID: #VU85760

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-47746

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user with CONNECT privileges can pass specially crafted query to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Code Injection

EUVDB-ID: #VU85127

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-27859

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote user to modify data on the system.

The vulnerability exists due to improper input validation. A remote user can install a malicious jar file that overwrites the existing like-named jar file in another database.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Input validation error

EUVDB-ID: #VU85782

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-47747

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user with CONNECT privileges can pass specially crafted query to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU85165

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-47145

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local user can trigger the vulnerability to bypass security restrictions and escalate privileges to the SYSTEM user using the MSI repair functionality

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU85784

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-47158

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user with CONNECT privileges can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper input validation

EUVDB-ID: #VU71253

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3510

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Policy (Google Protobuf-Java) component in Oracle Communications Cloud Native Core Policy. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Resource exhaustion

EUVDB-ID: #VU77573

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-34462

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Double Free

EUVDB-ID: #VU84043

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2002-0059

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU82454

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-43642

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Input validation error

EUVDB-ID: #VU69670

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3509

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing textformat data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Input validation error

EUVDB-ID: #VU69293

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3171

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input containing multiple instances of non-repeated embedded messages with repeated or unknown fields. A remote attacker can cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Uncontrolled Recursion

EUVDB-ID: #VU75044

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1370

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper access control

EUVDB-ID: #VU84099

Risk: Low

CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38003

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote privileged user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user with DATAACCESS privileges can execute routines that they should not have access to.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) SQL injection

EUVDB-ID: #VU84368

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-38727

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Resource exhaustion

EUVDB-ID: #VU84374

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-40687

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a specially crafted RUNSTATS command on an 8TB table and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource exhaustion

EUVDB-ID: #VU84102

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-40692

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources under extreme stress conditions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Heap-based buffer overflow

EUVDB-ID: #VU66153

Risk: High

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2022-37434

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Install update from vendor's website.

dashDB Local: 11.5.8.0 - 11.5.8.8

• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:dashdb_local:11.5.8.2:*:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7182831

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.