IBM Db2 denial of service
CVE-2023-29258

7.5HIGH

Key Information:

Vendor: IBM
Status: Db2 for Linux, UNIX and Windows
Vendor: CVE Published:; 4 December 2023

Summary

IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server versions 11.1 and 11.5, is susceptible to a denial of service attack. This vulnerability arises from executing a specially crafted federated query on specific federation objects, potentially disrupting services. Organizations using the affected versions are advised to assess their exposure and apply necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Db2 for Linux, UNIX and Windows 11.1, 11.5

References

https://www.ibm.com/support/pages/node/7087218

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/252048

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
Apr 4, 2023

Collectors

NVD DatabaseMitre Database