CVE-2023-27859: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 versions 10.1, 10.5, and 11.1 contain a vulnerability (CVE-2023-27859) that could allow remote code execution. The vulnerability was disclosed on January 22, 2024, and affects multiple versions of IBM Db2 database software. The issue specifically occurs when installing like-named jar files across multiple databases, where a malicious user could exploit this by installing a malicious jar file that overwrites the existing like-named jar file in another database (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, requires no user interaction, and can result in high impact to integrity while not affecting confidentiality or availability. The vulnerability only affects instances with more than one database where there are common JARSCHEMA/JAR_ID combinations shared across databases (IBM Advisory, NetApp Advisory).

When successfully exploited, this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. The primary impact is on the integrity of the system, as an attacker could potentially modify or add data by overwriting existing jar files with malicious ones. This could lead to unauthorized code execution within the database environment (IBM Advisory).

IBM has released special builds containing interim fixes for affected versions. The fixes are available for V10.5 FP11, V11.1.4 FP7, and V11.5.9. As a workaround, administrators should ensure that JAR files for each database are installed in separate schemas to prevent overlap across databases. The fix introduces database-specific paths for JAR files, making their location unique to each database and schema. Users can also use the command 'CALL SQLJ.RECOVERJAR('.')' to move existing JAR files to the new secure location (IBM Advisory).