Lucene search

IbmCVE-2024-35152

HistoryAug 14, 2024 - 6:15 p.m.

CVE-2024-35152

2024-08-1418:15:12

CWE-789

ibm

web.nvd.nist.gov

ibm

db2

11.5

denial of service

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

Percentile

14.1%

JSON

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.

Affected configurations

Nvd

Vulners

Node

ibmdb2Match11.5.8aix

ibmdb2Match11.5.8linux

ibmdb2Match11.5.8windows

ibmdb2Match11.5.9aix

ibmdb2Match11.5.9linux

ibmdb2Match11.5.9windows

VendorProductVersionCPE
ibmdb211.5.8cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:aix:*:*
ibmdb211.5.8cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:linux:*:*
ibmdb211.5.8cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:windows:*:*
ibmdb211.5.9cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*
ibmdb211.5.9cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*
ibmdb211.5.9cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
ibm	db2	11.5.8	cpe:2.3:a:ibm:db2:11.5.8:::::aix::
ibm	db2	11.5.8	cpe:2.3:a:ibm:db2:11.5.8:::::linux::
ibm	db2	11.5.8	cpe:2.3:a:ibm:db2:11.5.8:::::windows::
ibm	db2	11.5.9	cpe:2.3:a:ibm:db2:11.5.9:::::aix::
ibm	db2	11.5.9	cpe:2.3:a:ibm:db2:11.5.9:::::linux::
ibm	db2	11.5.9	cpe:2.3:a:ibm:db2:11.5.9:::::windows::

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
      "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Db2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.5"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/292639

www.ibm.com/support/pages/node/7165342

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

Percentile

14.1%

JSON

Related for CVE-2024-35152