Security Bulletin: Vulnerabilities in Apache Commons Lang affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary Vulnerabilities in Apache Commons Lang affect IBM® Db2® Big SQL 8.2.1 on IBM Cloud Pak for Data 5.2.1 and earlier. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: Multiple vulnerabilities in Java SE affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary Multiple vulnerabilities in Java SE 8 affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 & 5 Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, ...
Security Bulletin: Vulnerability in Axios affects IBM Db2 Big SQL on Cloud Pak for Data
Summary Vulnerability in Axios 1.11 and earlier affects IBM Db2 Big SQL 8.2 on Cloud Pak for Data 5.2 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and...
Security Bulletin: A vulnerability in Axios affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in Axios 1.7.9 and earlier affects IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...
Security Bulletin: A vulnerability in form-data affects IBM® Db2® Big SQL.
Summary A vulnerability in form-data affects IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...
Security Bulletin: Multiple open source vulnerabilities affect IBM Db2 Big SQL on Cloud Pak for Data
Summary Multiple open source vulnerabilities affect IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header...
Security Bulletin: A vulnerability in module set-value affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in node.js open source package set-value affects IBM Db2 Big SQL 7.4.2 and earlier on Cloud Pak for Data 4.6.2 and earlier Vulnerability Details CVEID:CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387
Summary IBM Db2 Big SQL on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users or...
Security Bulletin: Multiple vulnerabilities affect IBM Db2 Big SQL on Cloud Pak for Data
Summary Multiple vulnerabilities affect IBM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a...
Security Bulletin: A vulnerability in the follow-redirect module affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in the node.js follow-redirect module affects IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM® Db2® Big SQL.
Summary There are multiple vulnerabilities in OpenSSL used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.6.0 and earlier. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note...
Security Bulletin: A vulnerability affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in the node.js ejs module affects IBM Db2 Big SQL 7.4 and earlier on Cloud Pak for Data 4.6 and earlier Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Vulnerability in follow-redirects-1.15.3.tgz affects IBM Db2 Big SQL
Summary A vulnerability in node.js follow-redirects-1.15.3.tgz package affects IBM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...
Security Bulletin: Vulnerability in Golang affects IBM Db2 Big SQL
Summary A vulnerability in Golang golang.org/x/net-v0.2.0 package affects IBM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sendi...
Security Bulletin: A vulnerability in body-parser-1.20.2.tgz affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in open source package expressjs body-parser-1.20.2.tgz affects IBM Db2 Big SQL 7.x on Cloud Pak for Data 5.x Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. ...
Security Bulletin: A vulnerability in python certifi package affects IBM Db2 Big SQL
Summary There is a vulnerability in python package certifi-2024.6.2-py3-none-any.whl affecting IBM Db2 Big SQL 7.7.0 on CP4D 5.0 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root...
CVE-2024-35160
CVE-2024-35160 affects IBM Watson Query on Cloud Pak for Data (DV/WQ) and IBM Db2 Big SQL on Cloud Pak for Data. The root cause is insufficient session expiration that could allow an authenticated user to obtain sensitive information. Affected versions include: DWQ/DV on CPD 1.8, 2.0, 2.1, 2.2 an...
CVE-2024-35160 IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...
Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.
Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. These issues were disclosed in an IBM® Db2® Security Bulletin in July 2023. Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windo...