
Summary

Detail
Vendor            Ibm
Product           db2
Version           9.7.0.11
Update            *
Edition           *
Language          *
Software Edition  advanced_workgroup
Target Software   *
Target Hardware   *
Other             *
Type              Application
First view        2016-04-27
Last view         2021-06-16
 
CPE Product cpe:2.3:a:ibm:db2
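The Detail table above is the field-by-field form of a CPE 2.3 name: after the fixed prefix cpe:2.3 the formatted string carries eleven colon-separated attributes (part, vendor, product, version, update, edition, language, software edition, target software, target hardware, other), with * standing for ANY. The Python below is an added example, not code from this page or from IBM; it assembles the table's values into the name cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:advanced_workgroup:*:*:* and matches candidate names against it. The candidate names it tests are constructed, and the matcher treats only a whole-component * as a wildcard, so the partial wildcards CPE 2.3 also permits (such as a version of 9.7.*) are deliberately not handled.

```python
"""CPE 2.3 formatted-string construction and matching (added example).

Field values in PAGE_ENTRY are taken from the Detail table above; every
other CPE name in this file is constructed for illustration.
"""

ANY = "*"   # CPE 2.3 logical value ANY
NA = "-"    # CPE 2.3 logical value NOT APPLICABLE

# Attribute order fixed by the CPE 2.3 formatted-string binding, after "cpe:2.3".
ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")

# The Detail table from the page; fields the table shows as "*" are left at ANY.
PAGE_ENTRY = {
    "part": "a",                 # Type: Application
    "vendor": "ibm",
    "product": "db2",
    "version": "9.7.0.11",
    "sw_edition": "advanced_workgroup",
}


def format_cpe(attrs: dict) -> str:
    """Bind attribute values to a formatted string; unspecified attributes become ANY."""
    return "cpe:2.3:" + ":".join(attrs.get(name, ANY) for name in ATTRS)


def split_formatted(name: str) -> list:
    """Split on ':' while honouring backslash escapes ('y\\:z' stays one component)."""
    parts, current, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            current.append(name[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ":":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def parse_cpe(name: str) -> dict:
    """Unbind a formatted string into its eleven attributes; reject anything else."""
    parts = split_formatted(name)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    return dict(zip(ATTRS, parts[2:]))


def component_matches(source: str, target: str) -> bool:
    """Simplified matching for one attribute.

    ANY on either side matches; NA matches only NA (or ANY); otherwise the
    two values must be equal, compared case-insensitively.
    """
    if source == ANY or target == ANY:
        return True
    if source == NA or target == NA:
        return source == target
    return source.lower() == target.lower()


def cpe_matches(source: str, target: str) -> bool:
    """True when every attribute of `source` (e.g. a vulnerable-configuration
    entry) matches the corresponding attribute of `target` (e.g. an asset)."""
    src, tgt = parse_cpe(source), parse_cpe(target)
    return all(component_matches(src[a], tgt[a]) for a in ATTRS)


if __name__ == "__main__":
    page_name = format_cpe(PAGE_ENTRY)
    print(page_name)
    # The page's product-level name matches the specific entry ...
    print(cpe_matches("cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", page_name))
    # ... but a constructed entry for another software edition does not.
    print(cpe_matches(page_name, "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:enterprise_server:*:*:*"))
```

The split keeps backslash escapes intact because a colon inside a value is written as \: in the formatted binding; splitting naively on ':' would miscount the components and reject valid names.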


Related : CVE

CVSS  Date        CVE ID (description follows each entry)
7.5 2021-06-16 CVE-2021-29702

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.

7.8 2021-03-11 CVE-2020-5025

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

7.5 2021-03-11 CVE-2020-5024

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. IBM X-Force ID: 193660.

4.4 2021-03-11 CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

7.8 2020-11-20 CVE-2020-4739

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.

6.5 2019-07-01 CVE-2019-4386

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

7.3 2016-09-30 CVE-2016-5995

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

4.3 2016-04-27 CVE-2016-0211

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
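The affected-version phrases in the entries above (9.7 through FP11, 10.5 before FP8, 11.1 GA, or just a release such as 9.7) can be turned into a triage check that takes a Db2 level and reports which of these eight CVEs name it as affected. The Python below is an added example, not code from this page, IBM or Tenable. It assumes the four-part Db2 level form VV.RR.MM.FF (9.7.0.11 being 9.7 Fix Pack 11, as in the Detail table) and the phrasing of db2level output; SAMPLE_DB2LEVEL is a constructed line in that style, not captured from a real system. The ranges are transcribed only from the descriptions above: where an entry names just a release without a fix pack bound, every fix pack of that release is treated as affected, because the page gives no fixing level.

```python
"""Triage a Db2 level against the CVE entries listed above (added example).

The affected-version data is transcribed from the CVE descriptions on this
page; the db2level sample and the level-string conventions are assumptions
noted inline.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Affected:
    prefix: str                                  # leading level components, e.g. "9.7" or "11.1.4"
    max_fixpack: Optional[int] = None            # inclusive FF bound; None = no bound given on the page
    platforms: Optional[Tuple[str, ...]] = None  # None = the entry does not restrict the platform


LUW = ("9.7", "10.1", "10.5", "11.1", "11.5")   # releases the 2020 entries list
UNIXES = ("linux", "aix", "hp-ux")               # platforms named by CVE-2016-5995

# Transcribed from the descriptions above. "through FP7" and "before FP8" both
# bound FF at 7; "11.1 GA" is taken as the exact level 11.1.0.0.
PAGE_CVES = {
    "CVE-2021-29702": (Affected("11.1.4"), Affected("11.5.5")),
    "CVE-2020-5025": tuple(Affected(r) for r in LUW),
    "CVE-2020-5024": tuple(Affected(r) for r in LUW),
    "CVE-2020-4976": tuple(Affected(r) for r in LUW),
    "CVE-2020-4739": tuple(Affected(r, platforms=("windows",)) for r in LUW),
    "CVE-2019-4386": (Affected("11.1"),),
    "CVE-2016-5995": (Affected("9.7", 11, UNIXES), Affected("10.1", 5, UNIXES),
                      Affected("10.5", 7, UNIXES), Affected("11.1.0.0", None, UNIXES)),
    "CVE-2016-0211": (Affected("9.7", 11), Affected("9.8"),
                      Affected("10.1", 5), Affected("10.5", 7)),
}

# Assumed Db2 level format: VV.RR.MM.FF, the last component being the fix pack.
LEVEL_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")
# Assumed db2level phrasing: the quoted "DB2 v..." token carries the four-part level.
DB2LEVEL_RE = re.compile(r'"DB2 v(\d+\.\d+\.\d+\.\d+)"')

# Constructed sample in the style of db2level output (not from a real system).
SAMPLE_DB2LEVEL = ('Informational tokens are "DB2 v9.7.0.11", "s140509", '
                   '"IP23550", and Fix Pack "11".')


def parse_level(level: str) -> Tuple[int, ...]:
    """Turn '9.7.0.11' into (9, 7, 0, 11); reject anything that is not four numbers."""
    if not LEVEL_RE.match(level):
        raise ValueError(f"expected VV.RR.MM.FF, got {level!r}")
    return tuple(int(p) for p in level.split("."))


def level_from_db2level(text: str) -> str:
    """Extract the four-part level from db2level-style text."""
    m = DB2LEVEL_RE.search(text)
    if not m:
        raise ValueError("no \"DB2 vVV.RR.MM.FF\" token found")
    return m.group(1)


def is_affected(level: str, spec: Affected, platform: Optional[str] = None) -> bool:
    """Prefix match on the level, then the fix pack bound, then the platform filter."""
    if platform and spec.platforms and platform.lower() not in spec.platforms:
        return False
    v = parse_level(level)
    prefix = tuple(int(p) for p in spec.prefix.split("."))
    if v[:len(prefix)] != prefix:
        return False
    return spec.max_fixpack is None or v[3] <= spec.max_fixpack


def matching_cves(level: str, platform: Optional[str] = None) -> list:
    """CVE IDs from this page whose affected ranges include `level`, sorted."""
    return sorted(cve for cve, specs in PAGE_CVES.items()
                  if any(is_affected(level, s, platform) for s in specs))


if __name__ == "__main__":
    lvl = level_from_db2level(SAMPLE_DB2LEVEL)
    print(lvl, matching_cves(lvl))
    print(lvl, "linux", matching_cves(lvl, platform="linux"))
```

A four-part level cannot express a special build applied on top of a fix pack, which is why the Nessus plugin file names in the section below carry a build number (db2_97fp11_35317_*). The check above therefore reports 9.7.0.11 as affected by the two 2016 entries regardless of any special build installed; confirm the fix state from the vendor advisory or the scanner rather than from the level string alone.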

CWE : Common Weakness Enumeration

Share    CWE      Name
14% (1)  CWE-749  Exposed Dangerous Method or Function
14% (1)  CWE-426  Untrusted Search Path
14% (1)  CWE-276  Incorrect Default Permissions
14% (1)  CWE-264  Permissions, Privileges, and Access Controls
14% (1)  CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
14% (1)  CWE-74   Failure to Sanitize Data into a Different Plane ('Injection')
14% (1)  CWE-20   Improper Input Validation

Nessus® Vulnerability Scanner

Date        Name / File / Type
2016-11-15 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp8_nix.nasl - Type: ACT_GATHER_INFO
2016-05-26 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp11_35317_nix.nasl - Type: ACT_GATHER_INFO
2016-05-26 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp11_35317_win.nasl - Type: ACT_GATHER_INFO
2016-05-26 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_connect_97fp11_35317_win.nasl - Type: ACT_GATHER_INFO