📦 Db2
by IBM
⚠️ Known Vulnerabilities
IBM Db2 databases running vulnerable versions are susceptible to XML external entity injection (XXE) attacks when processing XML data. This allows remote attackers to read sensitive files from the ser...
This vulnerability allows a local user with filesystem access to escalate privileges on IBM Db2 for Windows systems due to an unquoted search path element. Attackers could execute arbitrary code with ...
This CVE describes a local privilege escalation vulnerability in IBM Db2 where an instance owner can execute malicious code to gain root privileges. The vulnerability affects Db2 versions 11.5.0 throu...
IBM Db2 12.1.0 through 12.1.3 on Linux, UNIX, and Windows (including Db2 Connect Server) contains a local privilege escalation vulnerability. Under specific configurations, a local authenticated user ...
A local user can exploit a stack-based buffer overflow in IBM Db2's db2fm component on Linux systems to execute arbitrary code with elevated privileges. This vulnerability affects IBM Db2 for Linux ve...
This vulnerability allows users with access to IBM Db2 Kubernetes pods to make unauthorized system calls, potentially compromising container security. It affects IBM Db2 on Cloud Pak for Data and Db2 ...
This vulnerability in IBM Db2 for Windows allows a local user to escalate privileges to SYSTEM level using the MSI repair functionality. It affects Db2 versions 10.5, 11.1, and 11.5 on Windows systems...
IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.1 and 11.5 are vulnerable to denial of service attacks when processing specially crafted queries. This vulnerability allo...
IBM Db2 databases running on Linux, UNIX, or Windows are vulnerable to denial of service attacks through specially crafted queries. Attackers can crash or degrade database performance by exploiting im...
This CVE describes a buffer overflow vulnerability in IBM Db2's db2set utility across multiple versions. An attacker could exploit this to execute arbitrary code on affected systems. Organizations run...
IBM Db2 databases running versions 10.5, 11.1, and 11.5 on Linux, UNIX, or Windows are vulnerable to denial of service attacks. Attackers can crash the database service by sending specially crafted qu...
This vulnerability allows local attackers to escalate privileges on IBM Db2 for Windows systems by exploiting unquoted service paths. Attackers can place malicious executables in service paths to exec...
IBM DB2 databases on Linux, UNIX, and Windows can crash when compiling certain anonymous blocks, causing denial of service. This affects DB2 versions 10.5, 11.1, and 11.5, including Db2 Connect Server...
This vulnerability in IBM Db2 allows unauthorized information disclosure through improper privilege management when using table functions. Attackers can access sensitive data they shouldn't have permi...
IBM Db2's LOAD utility fails to properly enforce directory restrictions under certain circumstances, allowing unauthorized access to sensitive files. This information disclosure vulnerability affects ...
This vulnerability allows users with DBADM authority in IBM Db2 to access other databases and read or modify files beyond their intended permissions. It affects IBM Db2 for Linux, UNIX and Windows (in...
IBM Db2 databases can leak sensitive information when administrators use the ADMIN_CMD procedure with LOAD or BACKUP commands. This affects Db2 for Linux, UNIX, Windows, and Db2 Connect Server install...
CVE-2021-29702 is a denial-of-service vulnerability in IBM Db2 where a specially crafted SELECT statement causes the database server to crash and terminate abnormally. This affects Db2 for Linux, UNIX...
This vulnerability allows an unauthenticated attacker to cause a denial of service by triggering a hang during SSL handshake responses in IBM DB2. Affected systems include IBM DB2 for Linux, UNIX and ...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper input sanitization in data query logic. It affects Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting specially crafted queries that trigger improper neutralization of special elements. It affects Db2 for...
IBM Db2 databases are vulnerable to denial of service attacks when processing specially crafted queries due to insufficient input validation. This affects Db2 for Linux, UNIX, Windows, and Db2 Connect...
This vulnerability in IBM Db2 allows authenticated users to cause a denial of service by exploiting improper input sanitization in the RPSCAN feature's data query logic. It affects Db2 versions 11.5.0...
IBM Db2 databases running vulnerable versions can crash when processing specially crafted XML queries, causing denial of service. This affects Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 on Linux, UNIX, and W...
This CVE describes an authorization bypass vulnerability in IBM Db2 where authenticated users can execute unauthorized commands by exploiting cataloged remote storage aliases. It affects Db2 versions ...
IBM Db2 databases are vulnerable to denial of service attacks when users execute queries containing the JSON_Object scalar function, which can trigger an unhandled exception and crash the server. This...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting specially crafted queries. It affects Db2 versions 11.5.0 through 11.5.9 on Linux, UNIX, and Windows s...
This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query logic. It affects Db2 versions 11.5.0-11.5.9 and ...
This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query logic. It affects IBM Db2 for Linux, UNIX and Win...
This vulnerability in IBM Db2 allows authenticated users to execute specially crafted SQL statements with XML that trigger uncontrolled recursion, leading to denial of service. It affects Db2 versions...
This vulnerability in IBM Db2 allows authenticated users to cause a denial of service by excessively using a global variable. It affects IBM Db2 for Linux, UNIX and Windows, including DB2 Connect Serv...
IBM Db2 databases running vulnerable versions can experience denial of service when specific SELECT queries are executed against certain table types, causing a trap (crash). This affects Db2 11.5.0-11...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource allocation. It affects Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.3 on Linux, UNIX, ...
This vulnerability in IBM Db2 allows a local user to cause a denial of service by copying large tables containing XML data, due to improper system resource allocation. It affects IBM Db2 for Linux, UN...
This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query logic. It affects Db2 versions 11.5.0-11.5.9 and ...
IBM Db2 database servers running versions 11.5.0 through 11.5.9 are vulnerable to denial of service attacks. An authenticated user can crash the server by executing a specially crafted query, disrupti...
IBM Db2's clpplus command exposes user credentials in terminal output, allowing anyone with physical access to the system to view them. This affects Db2 versions 11.1.0-11.1.4.7, 11.5.0-11.5.9, and 12...
A local user on systems running vulnerable IBM Db2 versions can cause a denial of service by exploiting a flaw in the database monitor script. The script incorrectly detects that the instance is still...
This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query logic. It affects IBM Db2 12.1.0 through 12.1.2 o...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource release after use. It affects Db2 versions 10.5.0-10.5.11, 11.1.0-11.1.4.7, 11.5.0-1...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource allocation. It affects Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.3 on Linux, UNIX, ...
IBM Db2 databases running vulnerable versions can be crashed by a specially crafted query, causing denial of service. This affects Db2 11.1.0-11.1.4.7, 11.5.0-11.5.9, and 12.1.0-12.1.3 on Linux, UNIX,...
This vulnerability in IBM Db2 allows authenticated users to regain access to their accounts even after being locked out due to password expiration. It affects IBM Db2 versions 10.5.0-10.5.11, 11.1.0-1...
IBM Db2 database servers running vulnerable versions can crash when processing specially crafted queries due to improper memory resource release. This denial of service vulnerability affects Db2 11.5....
IBM Db2 database servers are vulnerable to denial of service attacks where a specially crafted query can cause the server to crash. This affects Db2 versions 10.5.0.0 through 10.5.0.11, 11.1.0 through...
IBM Db2 for Linux versions 12.1.0 through 12.1.2 contain a vulnerability where a specially crafted query can cause the database server to crash, resulting in denial of service. This affects organizati...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service through CPU resource exhaustion when using Q replication. It affects Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.1 on...
IBM Db2 databases running vulnerable versions can be crashed by sending specially crafted queries, causing denial of service. This affects Db2 11.1.0-11.1.4.7, 11.5.0-11.5.9, and 12.1.0-12.1.1 on Linu...
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by concurrently accessing shared resources. It affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Se...