CVE-2023-47145

Description

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ibm / db210.5, 11.1, 11.5 – 10.5, 11.1, 11.5

References

MISChttps://www.ibm.com/support/pages/node/7105500
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/270402
MISChttps://security.netapp.com/advisory/ntap-20240307-0003/