Db2 Vulnerable to Denial of Service Attack

CVE-2023-29267

5.3MEDIUM

Key Information

Vendor: IBM
Status: Db2 For Linux, Unix And Windows
Vendor: Published:; 12 June 2024

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

Affected Version(s)

Db2 for Linux, UNIX and Windows = 10.5, 11.1, 11.5

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

NONE

Integrity:

NONE

Availability:

HIGH

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
Jun 12, 2024
Vulnerability Reserved.
Apr 4, 2023

Collectors

NVD DatabaseMitre Database