CVE-2023-47145

8.4 HIGH

📋 TL;DR

This vulnerability in IBM Db2 for Windows allows a local user to escalate privileges to SYSTEM level using the MSI repair functionality. It affects Db2 versions 10.5, 11.1, and 11.5 on Windows systems. Attackers with initial local access can gain complete system control.

💻 Affected Systems

Products:
  • IBM Db2 for Windows
  • IBM Db2 Connect Server
Versions: 10.5, 11.1, 11.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only Windows installations are affected, because the flaw is exploited through the MSI repair functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement across the network.

🟠 Likely Case

Malicious insider or compromised user account escalates to SYSTEM to install malware, steal credentials, or maintain persistence on the system.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated systems with no lateral movement capability.

🌐 Internet-Facing: LOW - This requires local access to the system, not remote exploitation.
🏢 Internal Only: HIGH - Any local user on affected Db2 Windows systems can potentially gain SYSTEM privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but appears straightforward based on the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory APAR IJ43293

Vendor Advisory: https://www.ibm.com/support/pages/node/7105500

Restart Required: Yes

Instructions:

1. Review IBM advisory APAR IJ43293.
2. Download appropriate fix for your Db2 version.
3. Apply patch following IBM instructions.
4. Restart Db2 services.

🔧 Temporary Workarounds

Restrict Local Access (Windows)

Limit local user access to Db2 Windows systems to only authorized administrators.

Monitor MSI Repair Activity (Windows)

Enable auditing for Windows Installer repair operations on Db2 systems.

🧯 If You Can't Patch

  • Implement strict least privilege access controls for all local users
  • Deploy endpoint detection and response (EDR) to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Run the db2level command on Windows systems to check the Db2 version. If the version is 10.5, 11.1, or 11.5, the system is vulnerable.

Check Version:

db2level

Verify Fix Applied:

Verify patch installation via IBM fix verification procedures and confirm that db2level shows the patched version.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing MSI repair operations on Db2
  • Unexpected privilege escalation events
  • Db2 service account performing SYSTEM-level actions

Network Indicators:

  • None - this is local privilege escalation

SIEM Query:

Windows Event ID 11707 (MSI installer) OR privilege escalation events from Db2 service accounts
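
The first log indicator above can be checked on a single host with the following PowerShell script. This is an added example, not part of the advisory or IBM's tooling. It assumes the events are in the Application log under the MsiInstaller provider, that the product name in the message contains "DB2", and that `$TrustedAccounts` (a hypothetical allowlist) names the accounts expected to run installer maintenance.

```powershell
# Added example: list MsiInstaller events that mention Db2 and show which account
# triggered them. Save as a .ps1 file and run from an elevated prompt.
# Assumptions (not from the advisory): product name contains "DB2"; the allowlist
# below is hypothetical and should be replaced with your own admin accounts.
param(
    [int[]]    $EventIds        = @(11707),   # ID named on this page; extend as needed
    [string]   $ProductPattern  = 'DB2',
    [int]      $LookbackDays    = 7,
    [string[]] $TrustedAccounts = @('NT AUTHORITY\SYSTEM')
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = $EventIds
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $ProductPattern }

$report = foreach ($e in $events) {
    # UserId is the SID of the account that started the installer transaction.
    $account = if ($e.UserId) {
        try   { $e.UserId.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $e.UserId.Value }             # unresolved SID: keep the raw value
    } else { '(none)' }

    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Account     = $account
        Unexpected  = $TrustedAccounts -notcontains $account
        Message     = ($e.Message -split "`r?`n")[0]   # first line only
    }
}

# Rows with Unexpected = True are installer operations started by an account
# outside the allowlist and are the ones worth reviewing first.
$report | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```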
