CVE-2023-30991

7.5 HIGH

📋 TL;DR

IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.1 and 11.5 are vulnerable to denial of service attacks when processing specially crafted queries. This vulnerability allows attackers to crash the database service, disrupting availability for legitimate users. Organizations running affected Db2 versions on any supported operating system are at risk.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 11.1 and 11.5
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database service outage leading to extended downtime, data unavailability, and business disruption.

🟠 Likely Case: Service crashes requiring manual restart, causing temporary unavailability and loss of in-flight (uncommitted) transactions.

🟢 If Mitigated: Minimal impact with proper network segmentation and query validation in place.

🌐 Internet-Facing: HIGH - Internet-facing Db2 instances are directly exposed to attack.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to execute queries against the database, typically requiring valid database credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory - see vendor advisory for specific fix packs.

Vendor Advisory: https://www.ibm.com/support/pages/node/7047499

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the specific fix packs.
2. Apply the appropriate fix pack for your Db2 version.
3. Restart Db2 services.
4. Verify that the patch has been applied.

🔧 Temporary Workarounds

Network Access Control (applies to: all platforms)

Restrict database access to only trusted applications and users.

Configure firewall rules to limit access to the Db2 ports (default 50000/50001).

Query Monitoring (applies to: all platforms)

Implement query monitoring and rate limiting to detect anomalous queries.

Configure Db2 audit policies for query monitoring.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit database access.
  • Deploy database activity monitoring to detect and alert on suspicious query patterns.

🔍 How to Verify

Check if Vulnerable:

Check the Db2 version with the 'db2level' command and compare it against the affected versions (11.1.x, 11.5.x).

Check Version:

db2level

Verify Fix Applied:

Verify that the applied fix pack version matches or exceeds the patched version specified in the IBM advisory.
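To run this check across many hosts, the version token printed by db2level can be parsed and compared against the first fixed level of each release line. The following is an added example, not code from IBM or from this advisory; the db2level output is constructed, and the fixed-version table is a placeholder that must be filled from the vendor advisory.

```python
import re

# Constructed sample of `db2level` output (not captured from a real system).
SAMPLE_DB2LEVEL = """Informational tokens are "DB2 v11.5.8.0", "s2209201700", "DYN2209201700AMD64", and Fix Pack "0".
Product is installed at "/opt/ibm/db2/V11.5".
"""

# Release lines the advisory names as affected (major, minor).
AFFECTED_LINES = {(11, 1), (11, 5)}

# PLACEHOLDER: first fixed level per release line. Take the real fix pack
# levels from https://www.ibm.com/support/pages/node/7047499 before use.
FIXED_VERSIONS_PLACEHOLDER = {
    (11, 5): (11, 5, 9, 0),
}


def parse_db2_version(db2level_output):
    """Extract the "DB2 vA.B.C.D" token as a tuple of ints, e.g. (11, 5, 8, 0)."""
    m = re.search(r'"DB2 v(\d+(?:\.\d+)+)"', db2level_output)
    if not m:
        raise ValueError("no DB2 version token found in db2level output")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version, fixed_versions):
    """Classify an installed version against the affected lines and fix table.

    Returns one of: "not-affected-line", "affected-line-fix-unknown",
    "vulnerable", "patched". Tuple comparison orders versions component-wise.
    """
    line = version[:2]
    if line not in AFFECTED_LINES:
        return "not-affected-line"
    fixed = fixed_versions.get(line)
    if fixed is None:
        # Affected line but no fixed level known: treat as needing review.
        return "affected-line-fix-unknown"
    return "patched" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    v = parse_db2_version(SAMPLE_DB2LEVEL)
    print(".".join(map(str, v)), assess(v, FIXED_VERSIONS_PLACEHOLDER))
```

In practice feed the function the real output of `db2level` (for example via subprocess) and replace the placeholder table with the levels listed in the IBM advisory.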

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes
  • Abnormal query patterns
  • Connection spikes followed by service failure

Network Indicators:

  • Multiple failed connection attempts to Db2 ports
  • Unusual query traffic patterns

SIEM Query:

source="db2" AND (event_type="crash" OR event_type="service_stop")
