CVE-2024-49350

6.5 MEDIUM

📋 TL;DR

IBM Db2 databases running vulnerable versions can be crashed by sending specially crafted queries, causing denial of service. This affects Db2 11.1.0-11.1.4.7, 11.5.0-11.5.9, and 12.1.0-12.1.1 on Linux, UNIX, and Windows systems, including DB2 Connect Server installations.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • DB2 Connect Server
Versions: 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, 12.1.0 through 12.1.1
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable; no special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database unavailability leading to business disruption, data inaccessibility, and potential cascading failures in dependent applications.

🟠 Likely Case

Service disruption requiring a database restart and temporary unavailability until recovery procedures complete.

🟢 If Mitigated

Minimal impact with proper network segmentation, query filtering, and monitoring, allowing quick detection and response.

🌐 Internet-Facing: HIGH - Internet-facing Db2 instances are directly accessible to attackers who can craft malicious queries without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to Db2 ports.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to Db2 port and ability to send SQL queries, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes from IBM: 11.1.4.7a, 11.5.9a, 12.1.1a or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7235069

Restart Required: Yes

Instructions:

1. Download the appropriate fix from IBM Fix Central.
2. Stop Db2 services.
3. Apply the fix package.
4. Restart Db2 services.
5. Verify the version with the db2level command.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to Db2 ports (default 50000/50001) to only trusted applications and administrators.

# Allow only trusted hosts to reach the Db2 listener, then drop everything else (rule order matters: ACCEPT before DROP)
iptables -A INPUT -p tcp --dport 50000 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 50000 -j DROP
# Repeat for 50001 if that port is also in use
iptables -A INPUT -p tcp --dport 50001 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 50001 -j DROP

Query Monitoring and Filtering

all

Implement database firewall or monitoring to detect and block suspicious query patterns.

# Configure Db2 audit policies
db2audit configure scope all status both
db2audit start

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Db2 servers from untrusted networks
  • Deploy database activity monitoring to detect and alert on exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Db2 version with 'db2level' command and compare against affected versions: 11.1.0-11.1.4.7, 11.5.0-11.5.9, 12.1.0-12.1.1

Check Version:

db2level | grep 'Product identifier'

Verify Fix Applied:

Run 'db2level' command and verify version is 11.1.4.7a, 11.5.9a, 12.1.1a or later
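The version check above, automated as an added example (not code from IBM or from this advisory): it parses the "Informational tokens" line of db2level output, compares the four-part version against the affected ranges listed here, and flags that a build at an affected level is only fixed if it is one of the special builds (11.1.4.7a, 11.5.9a, 12.1.1a). It assumes that such special builds show a build token beginning with "special_"; the sample output is constructed, not captured from a real system.

```python
import re
from typing import NamedTuple, Tuple

# Affected ranges from the advisory, inclusive at both ends. db2level prints
# four-part versions (e.g. 11.5.9.0); a three-part bound such as 11.5.9 covers
# every build at that fix-pack level.
AFFECTED_RANGES = [
    ((11, 1, 0), (11, 1, 4, 7)),
    ((11, 5, 0), (11, 5, 9)),
    ((12, 1, 0), (12, 1, 1)),
]

# The "Informational tokens" line carries the version and the build token.
TOKENS_RE = re.compile(r'Informational tokens are "DB2 v([\d.]+)",\s*"([^"]*)"')


class Db2Check(NamedTuple):
    version: Tuple[int, ...]
    build: str
    in_affected_range: bool
    special_build: bool
    verdict: str


def _pad(v, fill, n=4):
    return tuple(v) + (fill,) * (n - len(v))


def in_affected_range(version) -> bool:
    """True if the version falls inside any of the advisory's ranges."""
    v = _pad(version, 0)
    return any(_pad(lo, 0) <= v <= _pad(hi, 9999) for lo, hi in AFFECTED_RANGES)


def classify(db2level_output: str) -> Db2Check:
    m = TOKENS_RE.search(db2level_output)
    if not m:
        raise ValueError("no 'Informational tokens' line found in db2level output")
    version = tuple(int(p) for p in m.group(1).split("."))
    build = m.group(2)
    # Assumption: IBM special builds report a token starting with "special_".
    # A regular fix-pack build at an affected level is treated as unpatched.
    special = build.startswith("special_")
    affected = in_affected_range(version)
    if not affected:
        verdict = "not in an affected range"
    elif special:
        verdict = "special build present: confirm it is the CVE-2024-49350 fix"
    else:
        verdict = "vulnerable: apply 11.1.4.7a / 11.5.9a / 12.1.1a or later"
    return Db2Check(version, build, affected, special, verdict)


# Constructed sample output (not captured from a real system).
SAMPLE = ('Informational tokens are "DB2 v11.5.9.0", "s2310270807", '
          '"DYN2310270807AMD64", and Fix Pack "0".\n')

if __name__ == "__main__":
    print(classify(SAMPLE).verdict)
```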

📡 Detection & Monitoring

Log Indicators:

  • Unexpected database crashes/restarts
  • Error logs showing abnormal query termination
  • db2diag.log entries indicating segmentation faults or memory errors

Network Indicators:

  • Unusual query patterns from single source
  • High volume of malformed SQL queries
  • Connection attempts followed by service disruption

SIEM Query:

source="db2*" AND ("crash" OR "segmentation fault" OR "abnormal termination")

🔗 References
