CVE-2023-47747: 
IBM Db2 vulnerability analysis and mitigation

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.1, 10.5, and 11.1 contains a vulnerability identified as CVE-2023-47747. The vulnerability was discovered and disclosed in January 2024, allowing an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query (IBM Security, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability requires network access and low privileges to exploit, with no user interaction needed. The vulnerability is classified under CWE-20 (Improper Input Validation) (NVD).

Successful exploitation of this vulnerability could allow an authenticated attacker to cause a denial of service (DoS) in the affected DB2 database systems. The impact is limited to availability, with no direct impact on confidentiality or integrity of the system (IBM Security).

IBM has released special builds containing interim fixes for affected versions. These builds are available for V10.5 FP11, V11.1.4 FP7, and V11.5.9, and can be applied to any affected fixpack level of the appropriate release. The fixes are available through IBM Fix Central. No workarounds have been identified at this time (IBM Security).