Db2 Vulnerable to Denial of Service Attack
CVE-2023-29267
5.3 MEDIUM
Summary
IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server, is vulnerable to denial of service when an authenticated user executes a specially crafted SQL statement. Under certain configurations this can crash the server, leaving affected systems unstable and unable to operate. Organizations running these versions of Db2 are advised to take immediate action to mitigate potential exploitation risks.
Affected Version(s)
Db2 for Linux, UNIX and Windows 10.5, 11.1, 11.5
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved