CVE-2023-40372 — Improper Input Validation in IBM DB2
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.0%
top 85.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 17
Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6