Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-10 CVE-2023-27540 Allocation of Resources Without Limits or Throttling vulnerability in IBM Cloud PAK for Data and Watson Cp4D Data Stores
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service.
network
low complexity
ibm CWE-770
7.5
7.5
2023-07-10 CVE-2023-27558 Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path.
local
low complexity
ibm CWE-269
7.8
7.8
2023-07-10 CVE-2023-27867 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection.
network
low complexity
ibm CWE-94
8.8
8.8
2023-07-10 CVE-2023-27868 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes.
network
low complexity
ibm CWE-94
8.8
8.8
2023-07-10 CVE-2023-27869 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection.
network
low complexity
ibm CWE-94
8.8
8.8
2023-07-10 CVE-2023-28958 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection.
local
low complexity
ibm CWE-1236
7.8
7.8
2023-07-10 CVE-2023-30431 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking.
local
low complexity
ibm CWE-119
7.8
7.8
2023-07-10 CVE-2023-30442 Unspecified vulnerability in IBM DB2 11.1.4.7/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options.
network
low complexity
ibm
7.5
7.5
2023-07-10 CVE-2023-30445 Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables.
network
low complexity
ibm
7.5
7.5
2023-07-10 CVE-2023-30446 Unspecified vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables.
network
low complexity
ibm
7.5
7.5