CVE-2023-38728Improper Input Validation in IBM DB2

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.0%
top 86.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedOct 16
Latest updateOct 17

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDibm/db211.511.5.8+2

Patches

Patch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-pr32-36pm-7395: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 102023-10-17
CVEList
IBM Db2 denial of service2023-10-16
CVE-2023-38728 — Improper Input Validation in IBM DB2 | cvebase