Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 (CVE-2025-68161)

Summary IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 CVE-2025-68161 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

CVE-2023-33854 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

EUVD-2023-60595

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

CVE-2024-54178

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

CVE-2025-2669

CVE-2025-2669 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions 4.8, 5.0, 5.1, 5.2, 5.3). The root cause is improper token validation, enabling a privileged user to perform operations and access sensitive information outside their authority. The available sou...

CVE-2024-54178

CVE-2024-54178 concerns IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data, affecting versions 4.8, 5.0, 5.1, 5.2, and 5.3. An authenticated user can cause a denial of service when creating new databases due to improper allocation of resources. The CVSS data indicates a Network...

EUVD-2024-55643

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

Security Bulletin: Infosphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935)

Problem Need to understand whether DB2 advisory impacts BigInsights 4.1 installations "Product":"code":"SSCRJT","label":"IBM Db2 Big SQL","Business Unit":"code":"BU048","label":"IBM Software","Component":"--","Platform":"code":"PF016","label":"Linux","Version":"4.1.0","Edition":"","Line of...

Security Bulletin: IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index (CVE-2026-1352)

Summary IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index. Vulnerability Details CVEID:CVE-2026-1352 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server...

GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVE-2025-13755

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...

CVE-2026-1352

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2026-6052

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...

CVE-2026-6051

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when running multiple concurrent queries with specific spatial table functions (CVE-2025-13867)

Summary IBM® Db2® is vulnerable to a denial of service when running multiple concurrent queries with specific spatial table functions CVE-2025-13867 Vulnerability Details CVEID:CVE-2025-13867 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and...

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about security vulnerabilities affecting IBM DB2 has been published in separate security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

CVE-2026-6053

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables...

Security Bulletin: IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets (CVE-2025-13755)

Summary IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets. Vulnerability Details CVEID:CVE-2025-13755 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially...