This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2007-05-09
Product db2 Last view 2024-08-14
Version 8.0 Type Application
Update fp3  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:db2

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2024-08-14 CVE-2024-37529

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.

6.5 2024-08-14 CVE-2024-35136

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

6.5 2024-08-14 CVE-2024-31882

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.

6.5 2024-01-22 CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

6.5 2024-01-22 CVE-2023-47747

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

6.5 2024-01-22 CVE-2023-47746

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

6.5 2024-01-22 CVE-2023-47158

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server)

10.5, 11.1 and 11.5

could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

7.5 2024-01-22 CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

6.5 2024-01-22 CVE-2023-47141

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

7.5 2024-01-22 CVE-2023-45193

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

6.5 2024-01-22 CVE-2023-27859

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

7.8 2024-01-07 CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

7.5 2023-12-04 CVE-2023-47701

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

7.5 2023-12-04 CVE-2023-46167

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

7.5 2023-12-04 CVE-2023-40687

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

7.5 2023-12-04 CVE-2023-38727

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

7.5 2023-12-04 CVE-2023-29258

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

7.5 2023-10-17 CVE-2023-40373

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

7.5 2023-10-17 CVE-2023-40372

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.

7.5 2023-10-16 CVE-2023-40374

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

7.5 2023-10-16 CVE-2023-38740

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.

7.5 2023-10-16 CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

7.5 2023-10-16 CVE-2023-38720

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

7.5 2023-10-16 CVE-2023-30991

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.

7.5 2023-10-16 CVE-2023-30987

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

CWE : Common Weakness Enumeration

%idName
20% (6) CWE-264 Permissions, Privileges, and Access Controls
20% (6) CWE-20 Improper Input Validation
17% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-399 Resource Management Errors
6% (2) CWE-200 Information Exposure
6% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
3% (1) CWE-749 Exposed Dangerous Method or Function
3% (1) CWE-426 Untrusted Search Path
3% (1) CWE-287 Improper Authentication
3% (1) CWE-276 Incorrect Default Permissions
3% (1) CWE-209 Information Exposure Through an Error Message
3% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

Open Source Vulnerability Database (OSVDB)

id Description
77204 IBM DB2 for Unix Self Tuning Memory Manager (STMM) Unspecified Local DoS
72698 IBM DB2 Relational Data Services SYSSTAT.TABLES Statistics Manipulation
72697 IBM DB2 Relational Data Services Non-DDL Statement Execution
70773 IBM DB2 Non-DDL Statement Execution DBADM Privilege Revocation Weakness
70683 IBM DB2 Administration Server Unspecified Overflow
64041 IBM DB2 REPEAT Function Overflow
58478 IBM DB2 Universal Database Unspecified Remote Access Restriction Bypass
58477 IBM DB2 Universal Database Table Drop Function Definer Unspecified Issue
57231 IBM DB2 Universal Database db2jds Malformed Packets Remote DoS
57230 IBM DB2 Universal Database DAS Command Unspecified Privilege Escalation
57229 IBM DB2 Universal Database Security Component Unspecified Private Memory Leak
54914 IBM DB2 Universal Database Common Code Infrastructure Component LDAP Password...
54698 IBM DB2 Universal Database JOIN Predicate Query Result Handling Information D...
49950 IBM DB2 Universal Database SORT/LIST SERVICES Component Trace Output Informat...
49949 IBM DB2 Universal Database Native Managed Provider for .NET Object Maintenanc...
49948 IBM DB2 Universal Database New Compiler SQLNLS_UNPADDEDCHARLEN Function Unspe...
48144 IBM DB2 Universal Database Crafted CONNECT / ATTACH Data Stream Processing Re...
44963 IBM DB2 Universal Database on Windows Multiple Function JAR File Handling Rem...
41796 IBM DB2 Universal Database SYSPROC.NNSTAT log File Parameter Arbitrary File O...
41794 IBM DB2 Universal Database CONNECT / ATTACH Processing Unspecified Remote DoS
41629 IBM DB2 Universal Database Administration Server (DAS) Unspecified Administra...
40995 IBM DB2 Universal Database Authentication Information Storage Memory Corruption
40975 IBM DB2 JDBC Applet Server (DB2JDS) Multiple Method MemTree Remote Overflow
40973 IBM DB2 JDBC Applet Server (DB2JDS) Crafted Packet Arbitrary Code Execution

OpenVAS Exploits

id Description
2011-05-16 Name : IBM DB2 Multiple Security Bypass Vulnerabilities (May-11)
File : nvt/gb_ibm_db2_mult_sec_bypass_vuln.nasl
2011-02-07 Name : IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability
File : nvt/gb_ibm_db2_das_bof_vuln.nasl
2011-02-07 Name : IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability
File : nvt/gb_ibm_db2_dbadm_sec_bypass_vuln.nasl
2010-04-30 Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Linux)
File : nvt/secpod_ibm_db2_repeat_bof_vuln_lin.nasl
2010-04-30 Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win)
File : nvt/secpod_ibm_db2_repeat_bof_vuln_win.nasl
2009-10-06 Name : IBM DB2 Multiple Vulnerabilities - Oct09 (Linux)
File : nvt/gb_ibm_db2_mult_vuln_lin_oct09.nasl
2009-10-06 Name : IBM DB2 Multiple Vulnerabilities - Oct09 (Win)
File : nvt/gb_ibm_db2_mult_vuln_win_oct09.nasl
2009-08-24 Name : IBM DB2 Multiple Vulnerabilities (Linux)
File : nvt/secpod_ibm_db2_mult_vuln_lin.nasl
2009-08-24 Name : IBM DB2 Multiple Vulnerabilities (Win)
File : nvt/secpod_ibm_db2_mult_vuln_win.nasl
2009-06-30 Name : IBM DB2 Multiple Vulnerabilities (Linux)
File : nvt/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
2009-06-30 Name : IBM DB2 Multiple Vulnerabilities (Win)
File : nvt/secpod_ibm_db2_mult_dos_vuln_win01.nasl
2009-05-11 Name : IBM DB2 Information Disclosure Vulnerability (Linux)
File : nvt/gb_ibm_db2_info_disc_vuln_lin.nasl
2009-05-11 Name : IBM DB2 Information Disclosure Vulnerability (Win)
File : nvt/gb_ibm_db2_info_disc_vuln_win.nasl
2008-09-25 Name : IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Linux)
File : nvt/secpod_ibm_db2_8_udb_mult_vuln_lin_900216.nasl
2008-09-25 Name : IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Win)
File : nvt/secpod_ibm_db2_8_udb_mult_vuln_win_900215.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-B-0013 Multiple Vulnerabilities in IBM DB2
Severity: Category I - VMSKEY: V0026050

Snort® IPS/IDS

Date Description
2014-03-29 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 29948 - Type : SERVER-OTHER - Revision : 6
2014-03-29 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 29947 - Type : SERVER-OTHER - Revision : 6
2014-03-29 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 29946 - Type : SERVER-OTHER - Revision : 6
2014-01-10 IBM DB2 Universal Database receiveDASMessage buffer overflow attempt
RuleID : 19206 - Type : SERVER-OTHER - Revision : 11

Nessus® Vulnerability Scanner

id Description
2011-11-23 Name: The remote database server is affected by multiple denial of service vulnerab...
File: db2_97fp5.nasl - Type: ACT_GATHER_INFO
2011-04-25 Name: The remote database server is affected by multiple issues.
File: db2_97fp4.nasl - Type: ACT_GATHER_INFO
2011-02-01 Name: The remote database server is affected by multiple issues.
File: db2_9fp10.nasl - Type: ACT_GATHER_INFO
2011-02-01 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp7.nasl - Type: ACT_GATHER_INFO
2010-11-02 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp3.nasl - Type: ACT_GATHER_INFO
2010-09-07 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp6.nasl - Type: ACT_GATHER_INFO
2010-06-01 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp2.nasl - Type: ACT_GATHER_INFO
2010-04-28 Name: The remote database server is affected by multiple issues.
File: db2_9fp9.nasl - Type: ACT_GATHER_INFO
2009-10-06 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_9fp8.nasl - Type: ACT_GATHER_INFO
2009-08-20 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_81fp18.nasl - Type: ACT_GATHER_INFO
2009-06-03 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp4.nasl - Type: ACT_GATHER_INFO
2009-04-22 Name: The remote database server is affected by multiple issues.
File: db2_9fp7.nasl - Type: ACT_GATHER_INFO
2008-10-22 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_9fp6.nasl - Type: ACT_GATHER_INFO
2008-09-12 Name: The remote database server is affected by multiple issues.
File: db2_8fp17.nasl - Type: ACT_GATHER_INFO
2008-08-28 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp2.nasl - Type: ACT_GATHER_INFO
2008-07-30 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_95fp1.nasl - Type: ACT_GATHER_INFO
2008-02-05 Name: The remote database server is affected by multiple issues.
File: db2_81fp16.nasl - Type: ACT_GATHER_INFO
2007-11-16 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_9fp4.nasl - Type: ACT_GATHER_INFO
2007-08-20 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_9fp3.nasl - Type: ACT_GATHER_INFO