Summary
Detail | |||
---|---|---|---|
Vendor | Ibm | First view | 2007-05-09 |
Product | db2 | Last view | 2024-08-14 |
Version | 8.0 | Type | Application |
Update | fp3 | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ibm:db2 |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.5 | 2024-08-14 | CVE-2024-37529 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. |
6.5 | 2024-08-14 | CVE-2024-35136 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307. |
6.5 | 2024-08-14 | CVE-2024-31882 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. |
6.5 | 2024-01-22 | CVE-2023-50308 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. |
6.5 | 2024-01-22 | CVE-2023-47747 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. |
6.5 | 2024-01-22 | CVE-2023-47746 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. |
6.5 | 2024-01-22 | CVE-2023-47158 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. |
7.5 | 2024-01-22 | CVE-2023-47152 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. |
6.5 | 2024-01-22 | CVE-2023-47141 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. |
7.5 | 2024-01-22 | CVE-2023-45193 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. |
6.5 | 2024-01-22 | CVE-2023-27859 | IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. |
7.8 | 2024-01-07 | CVE-2023-47145 | IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. |
7.5 | 2023-12-04 | CVE-2023-47701 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. |
7.5 | 2023-12-04 | CVE-2023-46167 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. |
7.5 | 2023-12-04 | CVE-2023-40687 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. |
7.5 | 2023-12-04 | CVE-2023-38727 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. |
7.5 | 2023-12-04 | CVE-2023-29258 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. |
7.5 | 2023-10-17 | CVE-2023-40373 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. |
7.5 | 2023-10-17 | CVE-2023-40372 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. |
7.5 | 2023-10-16 | CVE-2023-40374 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. |
7.5 | 2023-10-16 | CVE-2023-38740 | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. |
7.5 | 2023-10-16 | CVE-2023-38728 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. |
7.5 | 2023-10-16 | CVE-2023-38720 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. |
7.5 | 2023-10-16 | CVE-2023-30991 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037. |
7.5 | 2023-10-16 | CVE-2023-30987 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
20% (6) | CWE-20 | Improper Input Validation |
17% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
6% (2) | CWE-399 | Resource Management Errors |
6% (2) | CWE-200 | Information Exposure |
6% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
3% (1) | CWE-749 | Exposed Dangerous Method or Function |
3% (1) | CWE-426 | Untrusted Search Path |
3% (1) | CWE-287 | Improper Authentication |
3% (1) | CWE-276 | Incorrect Default Permissions |
3% (1) | CWE-209 | Information Exposure Through an Error Message |
3% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-2 | Inducing Account Lockout |
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
CAPEC-147 | XML Ping of Death |
CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
77204 | IBM DB2 for Unix Self Tuning Memory Manager (STMM) Unspecified Local DoS |
72698 | IBM DB2 Relational Data Services SYSSTAT.TABLES Statistics Manipulation |
72697 | IBM DB2 Relational Data Services Non-DDL Statement Execution |
70773 | IBM DB2 Non-DDL Statement Execution DBADM Privilege Revocation Weakness |
70683 | IBM DB2 Administration Server Unspecified Overflow |
64041 | IBM DB2 REPEAT Function Overflow |
58478 | IBM DB2 Universal Database Unspecified Remote Access Restriction Bypass |
58477 | IBM DB2 Universal Database Table Drop Function Definer Unspecified Issue |
57231 | IBM DB2 Universal Database db2jds Malformed Packets Remote DoS |
57230 | IBM DB2 Universal Database DAS Command Unspecified Privilege Escalation |
57229 | IBM DB2 Universal Database Security Component Unspecified Private Memory Leak |
54914 | IBM DB2 Universal Database Common Code Infrastructure Component LDAP Password... |
54698 | IBM DB2 Universal Database JOIN Predicate Query Result Handling Information D... |
49950 | IBM DB2 Universal Database SORT/LIST SERVICES Component Trace Output Informat... |
49949 | IBM DB2 Universal Database Native Managed Provider for .NET Object Maintenanc... |
49948 | IBM DB2 Universal Database New Compiler SQLNLS_UNPADDEDCHARLEN Function Unspe... |
48144 | IBM DB2 Universal Database Crafted CONNECT / ATTACH Data Stream Processing Re... |
44963 | IBM DB2 Universal Database on Windows Multiple Function JAR File Handling Rem... |
41796 | IBM DB2 Universal Database SYSPROC.NNSTAT log File Parameter Arbitrary File O... |
41794 | IBM DB2 Universal Database CONNECT / ATTACH Processing Unspecified Remote DoS |
41629 | IBM DB2 Universal Database Administration Server (DAS) Unspecified Administra... |
40995 | IBM DB2 Universal Database Authentication Information Storage Memory Corruption |
40975 | IBM DB2 JDBC Applet Server (DB2JDS) Multiple Method MemTree Remote Overflow |
40973 | IBM DB2 JDBC Applet Server (DB2JDS) Crafted Packet Arbitrary Code Execution |
OpenVAS Exploits
Date | Description |
---|---|
2011-05-16 | Name : IBM DB2 Multiple Security Bypass Vulnerabilities (May-11) File : nvt/gb_ibm_db2_mult_sec_bypass_vuln.nasl |
2011-02-07 | Name : IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability File : nvt/gb_ibm_db2_das_bof_vuln.nasl |
2011-02-07 | Name : IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability File : nvt/gb_ibm_db2_dbadm_sec_bypass_vuln.nasl |
2010-04-30 | Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Linux) File : nvt/secpod_ibm_db2_repeat_bof_vuln_lin.nasl |
2010-04-30 | Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win) File : nvt/secpod_ibm_db2_repeat_bof_vuln_win.nasl |
2009-10-06 | Name : IBM DB2 Multiple Vulnerabilities - Oct09 (Linux) File : nvt/gb_ibm_db2_mult_vuln_lin_oct09.nasl |
2009-10-06 | Name : IBM DB2 Multiple Vulnerabilities - Oct09 (Win) File : nvt/gb_ibm_db2_mult_vuln_win_oct09.nasl |
2009-08-24 | Name : IBM DB2 Multiple Vulnerabilities (Linux) File : nvt/secpod_ibm_db2_mult_vuln_lin.nasl |
2009-08-24 | Name : IBM DB2 Multiple Vulnerabilities (Win) File : nvt/secpod_ibm_db2_mult_vuln_win.nasl |
2009-06-30 | Name : IBM DB2 Multiple Vulnerabilities (Linux) File : nvt/secpod_ibm_db2_mult_dos_vuln_lin01.nasl |
2009-06-30 | Name : IBM DB2 Multiple Vulnerabilities (Win) File : nvt/secpod_ibm_db2_mult_dos_vuln_win01.nasl |
2009-05-11 | Name : IBM DB2 Information Disclosure Vulnerability (Linux) File : nvt/gb_ibm_db2_info_disc_vuln_lin.nasl |
2009-05-11 | Name : IBM DB2 Information Disclosure Vulnerability (Win) File : nvt/gb_ibm_db2_info_disc_vuln_win.nasl |
2008-09-25 | Name : IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Linux) File : nvt/secpod_ibm_db2_8_udb_mult_vuln_lin_900216.nasl |
2008-09-25 | Name : IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Win) File : nvt/secpod_ibm_db2_8_udb_mult_vuln_win_900215.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2011-B-0013 | Multiple Vulnerabilities in IBM DB2 Severity: Category I - VMSKEY: V0026050 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-03-29 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 29948 - Type : SERVER-OTHER - Revision : 6 |
2014-03-29 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 29947 - Type : SERVER-OTHER - Revision : 6 |
2014-03-29 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 29946 - Type : SERVER-OTHER - Revision : 6 |
2014-01-10 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 19206 - Type : SERVER-OTHER - Revision : 11 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-11-23 | Name: The remote database server is affected by multiple denial of service vulnerab... File: db2_97fp5.nasl - Type: ACT_GATHER_INFO |
2011-04-25 | Name: The remote database server is affected by multiple issues. File: db2_97fp4.nasl - Type: ACT_GATHER_INFO |
2011-02-01 | Name: The remote database server is affected by multiple issues. File: db2_9fp10.nasl - Type: ACT_GATHER_INFO |
2011-02-01 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp7.nasl - Type: ACT_GATHER_INFO |
2010-11-02 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp3.nasl - Type: ACT_GATHER_INFO |
2010-09-07 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp6.nasl - Type: ACT_GATHER_INFO |
2010-06-01 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp2.nasl - Type: ACT_GATHER_INFO |
2010-04-28 | Name: The remote database server is affected by multiple issues. File: db2_9fp9.nasl - Type: ACT_GATHER_INFO |
2009-10-06 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp8.nasl - Type: ACT_GATHER_INFO |
2009-08-20 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_81fp18.nasl - Type: ACT_GATHER_INFO |
2009-06-03 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp4.nasl - Type: ACT_GATHER_INFO |
2009-04-22 | Name: The remote database server is affected by multiple issues. File: db2_9fp7.nasl - Type: ACT_GATHER_INFO |
2008-10-22 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp6.nasl - Type: ACT_GATHER_INFO |
2008-09-12 | Name: The remote database server is affected by multiple issues. File: db2_8fp17.nasl - Type: ACT_GATHER_INFO |
2008-08-28 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp2.nasl - Type: ACT_GATHER_INFO |
2008-07-30 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp1.nasl - Type: ACT_GATHER_INFO |
2008-02-05 | Name: The remote database server is affected by multiple issues. File: db2_81fp16.nasl - Type: ACT_GATHER_INFO |
2007-11-16 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp4.nasl - Type: ACT_GATHER_INFO |
2007-08-20 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp3.nasl - Type: ACT_GATHER_INFO |