CVE-2023-47145: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 were found to contain a privilege escalation vulnerability identified as CVE-2023-47145. The vulnerability was discovered and disclosed in January 2024, allowing local users to escalate their privileges to SYSTEM user level through the MSI repair functionality (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit, with no user interaction needed. The impact affects confidentiality, integrity, and availability, all at high levels (NVD).

Successful exploitation of this vulnerability could allow a local user to escalate their privileges to SYSTEM user level on Windows systems. This level of access would give an attacker complete control over the affected system, potentially leading to unauthorized access to sensitive information, modification of data, and system compromise (IBM Advisory).

IBM has released special builds containing interim fixes for affected versions. These builds are available for V10.5 FP11, V11.1.4 FP7, and V11.5.9, and can be applied to any affected fixpack level of the appropriate release. The fixes can be downloaded from IBM Fix Central. No workarounds have been identified for this vulnerability (IBM Advisory).