Vulnerabilities > IBM > DB2

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2023-25930 Improper Input Validation vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service.
network
high complexity
ibm CWE-20
5.9
2023-04-28 CVE-2023-27555 Improper Input Validation vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers.
network
low complexity
ibm CWE-20
7.5
2023-04-27 CVE-2023-29255 Improper Input Validation vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block.
network
low complexity
ibm CWE-20
7.5
2023-04-26 CVE-2023-27559 Improper Input Validation vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery.
network
low complexity
ibm CWE-20
7.5
2023-04-26 CVE-2023-29257 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance.
network
low complexity
ibm
7.2
2023-02-17 CVE-2022-43930 Information Exposure Through Log Files vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file.
network
low complexity
ibm CWE-532
7.5
2023-02-17 CVE-2022-43927 Improper Privilege Management vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used.
network
low complexity
ibm CWE-269
7.5
2023-02-17 CVE-2022-43929 Improper Input Validation vulnerability in IBM DB2 11.1/11.5
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command.
network
low complexity
ibm CWE-20
7.5
2022-12-12 CVE-2022-41296 Cross-Site Request Forgery (CSRF) vulnerability in IBM DB2 and DB2 Warehouse
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-09-13 CVE-2022-22483 Improper Privilege Management vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used.
network
low complexity
ibm CWE-269
6.5