Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

IBM DB2 Multiple DoS Vulnerabilities (7240944, 7240945, 7240953) (Unix)

🗓️ 01 Aug 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 3 Views

IBM Db2 has multiple denial of service vulnerabilities affecting various versions on Unix and Windows.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
7 Aug 202515:41
ibm
IBM Security Bulletins		Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
8 Aug 202509:58
ibm
IBM Security Bulletins		Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-49828)
9 Dec 202521:21
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.
23 Jan 202611:02
ibm
IBM Security Bulletins		Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-51473)
9 Dec 202521:25
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (August 2025 - Part 2 of 2)
2 Sep 202518:17
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
1 Sep 202507:46
ibm
IBM Security Bulletins		Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities
10 Sep 202517:30
ibm
IBM Security Bulletins		Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query when lock event monitor is activated (CVE-2024-52894)
9 Dec 202521:08
ibm
IBM Security Bulletins		Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
30 Jan 202616:58
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(243290);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2024-49828", "CVE-2024-51473", "CVE-2024-52894");
  script_xref(name:"IAVB", value:"2025-B-0127-S");

  script_name(english:"IBM DB2 Multiple DoS Vulnerabilities (7240944, 7240945, 7240953) (Unix)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to it self-reported version number, IBM Db2 is affected by multiple vulnerabilities.

  - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 
    through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service 
    as the server may crash under certain conditions with a specially crafted query.
    (CVE-2024-49828, CVE-2024-51473, CVE-2024-52894)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7240944");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7240945");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7240953");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate IBM DB2 Fix Pack or Special Build based on the most recent fix pack level for your branch.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-49828");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("db2_installed.nbin");
  script_require_keys("installed_sw/DB2 Server");
  script_exclude_keys("SMB/db2/Installed");

  exit(0);
}
include('vcf_extras_db2.inc');

# The remote host's OS is Windows, not Linux.
if (get_kb_item('SMB/db2/Installed'))
  audit(AUDIT_OS_NOT, 'Unix', 'Windows');

var app_info = vcf::ibm_db2::get_app_info();
# DB2 has an optional OpenSSH server that will run on
# windows.  We need to exit out if we picked up the windows
# installation that way.
if ('Windows' >< app_info['platform'])
  audit(AUDIT_HOST_NOT, 'a Unix based operating system');

var constraints = [
  {'equal':'10.5.0.11', 'fixed_build':'41583', 'fixed_display':'10.5.0.11 + Special Build 41583'},
  {'min_version':'10.5', 'max_version':'10.5.0.9', 'fixed_version':'10.5.0.11', 'fixed_display':'10.5.0.11 + Special Build 41583'},
  {'equal':'11.1.4.7', 'fixed_build':'41592', 'fixed_display':'11.1.4.7 + Special Build 41592'},
  {'min_version':'11.1', 'fixed_version':'11.1.4.7', 'fixed_display':'11.1.4.7 + Special Build 41592'},
  {'equal':'11.5.9.0', 'fixed_build':'62071', 'fixed_display':'11.5.9.0 + Special Build 62071'},
  {'min_version':'11.5', 'fixed_version':'11.5.9.0', 'fixed_display':'11.5.9.0 + Special Build 62071'},
  {'equal':'12.1.1.0', 'fixed_build':'62100', 'fixed_display':'12.1.1.0 + Special Build 62100 or 12.1.2'},
  {'min_version':'12.1', 'fixed_version':'12.1.1', 'fixed_display':'12.1.1.0 + Special Build 62100 or 12.1.2'},
];

vcf::ibm_db2::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jan 2026 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.5 - 7.5
EPSS0.00247
SSVC
ibm db2 vulnerabilitiesdenial of serviceunix vulnerabilitieswindows vulnerabilitiescve-2024-49828
3