CVE-2023-30445

7.5 HIGH

📋 TL;DR

IBM Db2 databases running versions 10.5, 11.1, and 11.5 on Linux, UNIX, or Windows are vulnerable to denial of service attacks. Attackers can crash the database service by sending specially crafted queries against certain tables, disrupting database availability. This affects all organizations using vulnerable Db2 installations including Db2 Connect Server.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 10.5, 11.1, 11.5
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations running affected versions are vulnerable. The vulnerability is in the core query processing engine.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database service outage leading to application downtime, data unavailability, and business disruption until service is restored.

🟠 Likely Case

Database service crashes requiring manual restart, causing temporary application downtime and potential data loss for in-flight transactions.

🟢 If Mitigated

Minimal impact with proper network segmentation, query validation, and monitoring that allows quick detection and recovery.

🌐 Internet-Facing: HIGH - Internet-facing Db2 instances are directly exposed to attack attempts from anywhere.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires database access credentials to execute queries. The vulnerability is in query processing logic, making exploitation straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory APAR IJ32530

Vendor Advisory: https://www.ibm.com/support/pages/node/7010557

Restart Required: Yes

Instructions:

1. Review IBM advisory APAR IJ32530.
2. Download the appropriate fix from IBM Fix Central.
3. Apply the fix following IBM's installation procedures.
4. Restart Db2 services.
5. Verify that the fix was applied.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all

Restrict network access to Db2 instances to only trusted applications and administrators

Use firewall rules to limit connections to Db2 ports (typically 50000, 50001)

Query Monitoring and Filtering

Applies to: all

Implement database activity monitoring to detect and block suspicious queries

Configure Db2 audit policies or use third-party database monitoring tools

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit database access
  • Deploy database activity monitoring with alerting for suspicious query patterns

🔍 How to Verify

Check if Vulnerable:

Check the Db2 version using the 'db2level' command and compare it against the affected versions 10.5, 11.1, and 11.5.

Check Version:

db2level | grep "Product installed"

Verify Fix Applied:

Verify that the fix was applied by checking for APAR IJ32530 in the list of installed fixes and confirming that the reported version is a patched level.

📡 Detection & Monitoring

Log Indicators:

  • Database service crashes
  • Unexpected termination of db2sysc process
  • Error logs showing query processing failures

Network Indicators:

  • Multiple failed query attempts from single source
  • Unusual query patterns against specific tables

SIEM Query:

source="db2*" AND ("crash" OR "terminated" OR "abnormal")
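The log and network indicators above, turned into detection logic as an added example (not part of this advisory or of any IBM tooling). The log lines are constructed here and their format is an assumption, not the real db2diag.log layout; the crash terms are the ones from the SIEM query, and the db2sysc process name comes from the indicator list.

```python
"""Detection logic for the CVE-2023-30445 indicators listed above, run over
CONSTRUCTED sample log lines (the line format is an assumption, not db2diag.log's)."""
import re
from collections import Counter

# Crash terms mirror the SIEM query; db2sysc is the engine process named in the log indicators.
CRASH_TERMS = ("crash", "terminated", "abnormal")
SOURCE_RE = re.compile(r"\bsrc=(\S+)")          # assumed field carrying the client source
FAILED_QUERY_RE = re.compile(r"query failed", re.IGNORECASE)

# Constructed sample log, not captured from a real system.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=10.0.0.5 SQL query failed on table T_ORDERS
2024-05-01T10:00:02 src=10.0.0.5 SQL query failed on table T_ORDERS
2024-05-01T10:00:03 src=10.0.0.5 SQL query failed on table T_ORDERS
2024-05-01T10:00:04 src=10.0.0.9 SQL query failed on table T_ITEMS
2024-05-01T10:00:05 db2sysc process terminated abnormally, signal received
2024-05-01T10:00:06 instance restart requested by db2start
2024-05-01T10:01:00 routine checkpoint completed
"""


def crash_indicators(lines):
    """Return (line_no, severity, text) for lines matching the SIEM crash terms.
    Lines that name the db2sysc engine process are rated 'high', others 'medium'."""
    hits = []
    for no, line in enumerate(lines, 1):
        low = line.lower()
        if any(term in low for term in CRASH_TERMS):
            severity = "high" if "db2sysc" in low else "medium"
            hits.append((no, severity, line))
    return hits


def failed_query_bursts(lines, threshold=3):
    """Count failed-query lines per source; return sources at or above the threshold
    (the 'multiple failed query attempts from a single source' indicator)."""
    counts = Counter()
    for line in lines:
        if FAILED_QUERY_RE.search(line):
            match = SOURCE_RE.search(line)
            if match:
                counts[match.group(1)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def analyze(text=SAMPLE_LOG, threshold=3):
    """Run both detections over a log text and return the findings."""
    lines = text.splitlines()
    return {"crashes": crash_indicators(lines),
            "bursts": failed_query_bursts(lines, threshold)}


if __name__ == "__main__":
    for name, findings in analyze().items():
        print(name, findings)
```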
