CVE-2023-23487: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5 were identified as vulnerable to insufficient audit logging, tracked as CVE-2023-23487. The vulnerability was discovered and reported by Dijing Wang from BEIJING DBSEC TECHNOLOGY CO., LTD (IBM Bulletin).

The vulnerability has been assigned a CVSS Base Score of 4.3 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and can potentially impact integrity but not confidentiality or availability (NetApp Advisory).

The successful exploitation of this vulnerability could lead to insufficient audit logging in affected IBM Db2 systems, potentially allowing attackers to modify data while evading detection through audit logs (IBM Bulletin).

IBM has released special builds containing interim fixes for affected versions. These builds are available for V11.1.4 FP7, V11.5.7, and V11.5.8, and can be applied to any affected fixpack level of the appropriate release. The fixes are available through Fix Central and are tracked under APAR DT173476 (IBM Bulletin).