Ibm Db2 vulnerabilities
332 known vulnerabilities affecting ibm/db2.
Total CVEs
332
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH142MEDIUM162LOW15
Vulnerabilities
Page 5 of 17
CVE-2023-47747MEDIUMCVSS 6.5≥ 10.5.0.0, ≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2024-01-22
CVE-2023-47747 [MEDIUM] CWE-20 CVE-2023-47747: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow a
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.
nvd
CVE-2023-47746MEDIUMCVSS 6.5≥ 10.5.0.0, ≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2024-01-22
CVE-2023-47746 [MEDIUM] CWE-20 CVE-2023-47746: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.
nvd
CVE-2023-47141MEDIUMCVSS 6.5fixed in 11.5.92024-01-22
CVE-2023-47141 [MEDIUM] CWE-20 CVE-2023-47141: IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
nvd
CVE-2023-27859MEDIUMCVSS 6.5≥ 10.5.0.0, ≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2024-01-22
CVE-2023-27859 [MEDIUM] CWE-427 CVE-2023-27859: IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installin
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
nvd
CVE-2023-50308MEDIUMCVSS 6.5fixed in 11.5.92024-01-22
CVE-2023-50308 [MEDIUM] CWE-20 CVE-2023-50308: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances c
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
nvd
CVE-2023-47158MEDIUMCVSS 6.5≥ 10.5.0.0, ≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2024-01-22
CVE-2023-47158 [MEDIUM] CWE-20 CVE-2023-47158: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server)
10.5, 11.1 and 11.5
could allo
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server)
10.5, 11.1 and 11.5
could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.
nvd
CVE-2023-47145HIGHCVSS 7.8≥ 10.5, < 10.5.0.11≥ 11.1, < 11.1.4.7+2 more2024-01-07
CVE-2023-47145 [HIGH] CWE-269 CVE-2023-47145: IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to e
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
nvd
CVE-2023-40692HIGHCVSS 7.5v10.5v11.1+1 more2023-12-04
CVE-2023-40692 [HIGH] CWE-400 CVE-2023-40692: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.
nvd
CVE-2023-38003HIGHCVSS 7.2v10.5v11.1+1 more2023-12-04
CVE-2023-38003 [HIGH] CVE-2023-38003: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
nvd
CVE-2023-47701HIGHCVSS 7.5≥ 10.5.0.0, ≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2023-12-04
CVE-2023-47701 [HIGH] CWE-20 CVE-2023-47701: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
nvd
CVE-2023-46167HIGHCVSS 7.5≥ 11.5.6, ≤ 11.5.82023-12-04
CVE-2023-46167 [HIGH] CWE-20 CVE-2023-46167: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerabl
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
nvd
CVE-2023-40687HIGHCVSS 7.5≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2023-12-04
CVE-2023-40687 [HIGH] CWE-20 CVE-2023-40687: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
nvd
CVE-2023-29258HIGHCVSS 7.5≥ 11.1.0.0, ≤ 11.1.4.7≥ 11.5, ≤ 11.5.92023-12-04
CVE-2023-29258 [HIGH] CWE-20 CVE-2023-29258: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
nvd
CVE-2023-38727HIGHCVSS 7.5≥ 10.5.0.0, ≤ 10.5.0.11≥ 11.1.0.0, ≤ 11.1.4.7+1 more2023-12-04
CVE-2023-38727 [HIGH] CWE-20 CVE-2023-38727: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
nvd
CVE-2023-45178HIGHCVSS 7.5v11.52023-12-03
CVE-2023-45178 [HIGH] CWE-20 CVE-2023-45178: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
nvd
CVE-2023-40373HIGHCVSS 7.5≥ 11.5, ≤ 11.5.8v10.5+1 more2023-10-17
CVE-2023-40373 [HIGH] CWE-20 CVE-2023-40373: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.
nvd
CVE-2023-40372HIGHCVSS 7.5≥ 11.5, ≤ 11.5.82023-10-17
CVE-2023-40372 [HIGH] CWE-20 CVE-2023-40372: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of se
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
nvd
CVE-2023-38719MEDIUMCVSS 4.4v11.5.82023-10-17
CVE-2023-38719 [MEDIUM] CWE-20 CVE-2023-38719: IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during da
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.
nvd
CVE-2023-38740HIGHCVSS 7.5≥ 11.5, ≤ 11.5.82023-10-16
CVE-2023-38740 [HIGH] CWE-20 CVE-2023-38740: IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.
nvd
CVE-2023-38720HIGHCVSS 7.5≥ 11.5, < 11.5.8v11.1.42023-10-16
CVE-2023-38720 [HIGH] CWE-20 CVE-2023-38720: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to den
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.
nvd