This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2007-10-23
Product db2 Last view 2024-01-22
Version 9.1 Type Application
Update fp11  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:db2

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2024-01-22 CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

6.5 2024-01-22 CVE-2023-47747

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

6.5 2024-01-22 CVE-2023-47746

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

6.5 2024-01-22 CVE-2023-47158

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server)

10.5, 11.1 and 11.5

could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

7.5 2024-01-22 CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.

6.5 2024-01-22 CVE-2023-47141

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

7.5 2024-01-22 CVE-2023-45193

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

6.5 2024-01-22 CVE-2023-27859

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

7.8 2024-01-07 CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

7.5 2023-12-04 CVE-2023-47701

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

7.5 2023-12-04 CVE-2023-46167

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

7.5 2023-12-04 CVE-2023-40687

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

7.5 2023-12-04 CVE-2023-38727

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

7.5 2023-12-04 CVE-2023-29258

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

7.5 2023-10-17 CVE-2023-40373

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

7.5 2023-10-17 CVE-2023-40372

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.

7.5 2023-10-16 CVE-2023-40374

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

7.5 2023-10-16 CVE-2023-38740

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.

7.5 2023-10-16 CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

7.5 2023-10-16 CVE-2023-38720

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

7.5 2023-10-16 CVE-2023-30991

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.

7.5 2023-10-16 CVE-2023-30987

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

7.5 2023-04-28 CVE-2023-27555

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

7.5 2023-04-28 CVE-2023-26022

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

7.5 2023-04-28 CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.

CWE : Common Weakness Enumeration

%idName
28% (6) CWE-20 Improper Input Validation
14% (3) CWE-264 Permissions, Privileges, and Access Controls
14% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (2) CWE-200 Information Exposure
4% (1) CWE-749 Exposed Dangerous Method or Function
4% (1) CWE-426 Untrusted Search Path
4% (1) CWE-287 Improper Authentication
4% (1) CWE-276 Incorrect Default Permissions
4% (1) CWE-189 Numeric Errors
4% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Open Source Vulnerability Database (OSVDB)

id Description
77204 IBM DB2 for Unix Self Tuning Memory Manager (STMM) Unspecified Local DoS
72698 IBM DB2 Relational Data Services SYSSTAT.TABLES Statistics Manipulation
72697 IBM DB2 Relational Data Services Non-DDL Statement Execution
70773 IBM DB2 Non-DDL Statement Execution DBADM Privilege Revocation Weakness
70683 IBM DB2 Administration Server Unspecified Overflow
64041 IBM DB2 REPEAT Function Overflow
54914 IBM DB2 Universal Database Common Code Infrastructure Component LDAP Password...
54698 IBM DB2 Universal Database JOIN Predicate Query Result Handling Information D...
49950 IBM DB2 Universal Database SORT/LIST SERVICES Component Trace Output Informat...
49949 IBM DB2 Universal Database Native Managed Provider for .NET Object Maintenanc...
49948 IBM DB2 Universal Database New Compiler SQLNLS_UNPADDEDCHARLEN Function Unspe...
40995 IBM DB2 Universal Database Authentication Information Storage Memory Corruption

OpenVAS Exploits

id Description
2012-04-02 Name : IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)
File : nvt/gb_ibm_db2_admin_server_bof_vuln_lin.nasl
2011-05-16 Name : IBM DB2 Multiple Security Bypass Vulnerabilities (May-11)
File : nvt/gb_ibm_db2_mult_sec_bypass_vuln.nasl
2011-02-07 Name : IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability
File : nvt/gb_ibm_db2_das_bof_vuln.nasl
2011-02-07 Name : IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability
File : nvt/gb_ibm_db2_dbadm_sec_bypass_vuln.nasl
2010-04-30 Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Linux)
File : nvt/secpod_ibm_db2_repeat_bof_vuln_lin.nasl
2010-04-30 Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win)
File : nvt/secpod_ibm_db2_repeat_bof_vuln_win.nasl
2009-06-30 Name : IBM DB2 Multiple Vulnerabilities (Linux)
File : nvt/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
2009-06-30 Name : IBM DB2 Multiple Vulnerabilities (Win)
File : nvt/secpod_ibm_db2_mult_dos_vuln_win01.nasl
2009-05-11 Name : IBM DB2 Information Disclosure Vulnerability (Linux)
File : nvt/gb_ibm_db2_info_disc_vuln_lin.nasl
2009-05-11 Name : IBM DB2 Information Disclosure Vulnerability (Win)
File : nvt/gb_ibm_db2_info_disc_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-B-0030 Multiple Security Vulnerabilities in IBM DB2
Severity: Category I - VMSKEY: V0031892
2011-B-0013 Multiple Vulnerabilities in IBM DB2
Severity: Category I - VMSKEY: V0026050

Snort® IPS/IDS

Date Description
2014-03-29 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 29948 - Type : SERVER-OTHER - Revision : 6
2014-03-29 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 29947 - Type : SERVER-OTHER - Revision : 6
2014-03-29 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 29946 - Type : SERVER-OTHER - Revision : 6
2014-01-10 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 19206 - Type : SERVER-OTHER - Revision : 11

Nessus® Vulnerability Scanner

id Description
2012-07-23 Name: The remote database server is affected by multiple issues.
File: db2_9fp12.nasl - Type: ACT_GATHER_INFO
2012-07-10 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp6.nasl - Type: ACT_GATHER_INFO
2012-03-08 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp9.nasl - Type: ACT_GATHER_INFO
2011-11-23 Name: The remote database server is affected by multiple denial of service vulnerab...
File: db2_97fp5.nasl - Type: ACT_GATHER_INFO
2011-04-25 Name: The remote database server is affected by multiple issues.
File: db2_97fp4.nasl - Type: ACT_GATHER_INFO
2011-02-01 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp7.nasl - Type: ACT_GATHER_INFO
2011-02-01 Name: The remote database server is affected by multiple issues.
File: db2_9fp10.nasl - Type: ACT_GATHER_INFO
2010-11-02 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp3.nasl - Type: ACT_GATHER_INFO
2010-06-01 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp2.nasl - Type: ACT_GATHER_INFO
2009-06-03 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp4.nasl - Type: ACT_GATHER_INFO
2009-04-22 Name: The remote database server is affected by multiple issues.
File: db2_9fp7.nasl - Type: ACT_GATHER_INFO
2008-10-22 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_9fp6.nasl - Type: ACT_GATHER_INFO
2008-08-28 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp2.nasl - Type: ACT_GATHER_INFO
2007-11-16 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_9fp4.nasl - Type: ACT_GATHER_INFO