Db2 Vulnerable to Denial of Service Attack
CVE-2023-29267
5.3 MEDIUM
What is CVE-2023-29267?
IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server, is vulnerable to denial of service when an authenticated user executes a specially crafted SQL statement. Under certain configurations the statement can crash the server, leaving affected systems unstable and unavailable for normal operation. Organizations running the affected versions are advised to take immediate action to mitigate the risk of exploitation.
Affected Version(s)
Db2 for Linux, UNIX and Windows: 10.5, 11.1, 11.5