CVE-2024-28762

5.3 MEDIUM

📋 TL;DR

IBM Db2 databases running versions 10.5, 11.1, and 11.5 on Linux, UNIX, and Windows are vulnerable to denial of service attacks. An attacker can crash the database server by sending a specially crafted query under certain conditions, disrupting database availability. This affects all Db2 installations including DB2 Connect Server.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • DB2 Connect Server
Versions: 10.5, 11.1, 11.5
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability requires specific query conditions to trigger.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database service outage requiring restart, potentially causing extended downtime for dependent applications and services.

🟠 Likely Case

Temporary service disruption affecting database availability until manual restart, impacting application functionality.

🟢 If Mitigated

Minimal impact with proper query validation and monitoring in place to detect and block malicious queries before execution.

🌐 Internet-Facing: MEDIUM - Internet-facing Db2 instances are at risk if exposed without proper network controls, though exploitation requires specific query conditions.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to disrupt critical database services affecting business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires database access and knowledge of specific query conditions. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: apply the fix for your release as listed in the IBM advisory (APARs IT43926 for 11.5, IT43927 for 11.1, IT43928 for 10.5)

Vendor Advisory: https://www.ibm.com/support/pages/node/7156847

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the fix details that apply to your release.
2. Apply the appropriate fix pack or interim fix for your Db2 version.
3. Restart the Db2 instance so the fix takes effect.
4. Verify that the fix is applied correctly.

🔧 Temporary Workarounds

Implement Query Filtering (all platforms)

Deploy database firewall or application-layer filtering to block suspicious queries matching known patterns.

Restrict Database Access (all platforms)

Limit database connections to trusted applications and users only, reducing attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Db2 servers from untrusted networks
  • Deploy monitoring and alerting for abnormal query patterns and database crashes

🔍 How to Verify

Check if Vulnerable:

Run the db2level command and compare the reported release against the affected versions (10.5, 11.1, 11.5).

Check Version:

db2level | grep -E "Informational tokens|Product is installed"

Verify Fix Applied:

Confirm that the APAR for your release (IT43926 for 11.5, IT43927 for 11.1, IT43928 for 10.5) appears in the fix history of the applied fix pack or interim fix.
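As an added example (not from the IBM advisory or this page), the following POSIX shell check reads db2level output and reports whether the release is one of 10.5, 11.1 or 11.5. It assumes the `Informational tokens are "DB2 vX.Y.Z.W", ...` line that db2level prints and uses a constructed sample so it runs without a Db2 installation. Being on an affected release does not by itself mean the instance is unpatched: fixed builds keep the same major.minor, so the APAR check above still decides.

```shell
#!/bin/sh
# Added example: screen a db2level report against the releases named in
# CVE-2024-28762. Only the major.minor release is compared here.

AFFECTED_RELEASES="10.5 11.1 11.5"

# Constructed sample of db2level output (not real tokens).
SAMPLE_DB2LEVEL='Informational tokens are "DB2 v11.5.8.0", "s0000000000", "CONSTRUCTED", and Fix Pack "0".'

# Print the full "X.Y.Z.W" version from db2level output on stdin (empty if absent).
db2_full_version() {
    sed -n 's/.*Informational tokens are "DB2 v\([0-9][0-9.]*\)".*/\1/p' | head -n 1
}

# Reduce a full version such as 11.5.8.0 to its release name "11.5".
db2_release() {
    printf '%s\n' "$1" | cut -d. -f1,2
}

# Read db2level output on stdin.
# Exit 0: release is in the affected list; 1: not in the list; 2: no version found.
db2_release_affected() {
    full=$(db2_full_version)
    [ -n "$full" ] || return 2
    rel=$(db2_release "$full")
    for r in $AFFECTED_RELEASES; do
        [ "$r" = "$rel" ] && return 0
    done
    return 1
}

# Demonstration on the constructed sample; replace with: db2level | db2_release_affected
if printf '%s\n' "$SAMPLE_DB2LEVEL" | db2_release_affected; then
    echo "sample release is in the affected list: confirm the APAR is in the fix history"
else
    echo "sample release is not in the affected list"
fi
```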

📡 Detection & Monitoring

Log Indicators:

  • Unexpected database crashes or restarts
  • Abnormal query patterns with specific syntax
  • Db2 diagnostic logs showing service interruptions

Network Indicators:

  • Unusual database connection patterns
  • Multiple failed query attempts from single source

SIEM Query:

source="db2*" AND (event_type="crash" OR event_type="restart" OR message="*denial*" OR message="*service*interruption*")
