Vulnerabilities > IBM > DB2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-28 | CVE-2023-25930 | Improper Input Validation vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. | 5.9 |
2023-04-28 | CVE-2023-27555 | Improper Input Validation vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. | 7.5 |
2023-04-27 | CVE-2023-29255 | Improper Input Validation vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. | 7.5 |
2023-04-26 | CVE-2023-27559 | Improper Input Validation vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. | 7.5 |
2023-04-26 | CVE-2023-29257 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. | 7.2 |
2023-02-17 | CVE-2022-43930 | Information Exposure Through Log Files vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. | 7.5 |
2023-02-17 | CVE-2022-43927 | Improper Privilege Management vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. | 7.5 |
2023-02-17 | CVE-2022-43929 | Improper Input Validation vulnerability in IBM DB2 11.1/11.5 IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. | 7.5 |
2022-12-12 | CVE-2022-41296 | Cross-Site Request Forgery (CSRF) vulnerability in IBM DB2 and DB2 Warehouse IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2022-09-13 | CVE-2022-22483 | Improper Privilege Management vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. | 6.5 |