Denial of Service Vulnerability in IBM Db2 Products
CVE-2023-30443

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Db2 For Linux, Unix And Windows
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2023-30443 is a high-risk vulnerability affecting IBM Db2 for Linux, UNIX, and Windows, including the Db2 Connect Server. This vulnerability allows an attacker to execute a specially crafted query that can lead to a denial of service (DoS), severely impacting the availability and performance of the affected systems. Users of Db2 versions 10.5, 11.1, and 11.5 should take immediate action to apply available patches and implement mitigating controls to safeguard their environments against potential exploits.

Affected Version(s)

Db2 for Linux, UNIX and Windows 10.5, 11.1 ,11.5

References

https://www.ibm.com/support/pages/node/7010557

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Apr 8, 2023