Db2@10.5 Security Vulnerabilities and Issues — Db2@10.5 CVE List

Lucene search

IbmDb210.5

11 matches found

CVE•added 2021/06/24 7:15 p.m.•86 views

CVE-2021-20579

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.

6.5CVSS6.8AI score0.00355EPSS

CVE•added 2021/06/24 7:15 p.m.•80 views

CVE-2021-29703

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.

7.5CVSS7.2AI score0.00642EPSS

CVE•added 2021/06/24 7:15 p.m.•79 views

CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.

6.5CVSS6.5AI score0.00414EPSS

CVE•added 2021/12/09 5:15 p.m.•77 views

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

8.7CVSS8AI score0.00097EPSS

CVE•added 2021/12/09 5:15 p.m.•69 views

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.

5.5CVSS6.5AI score0.00057EPSS

CVE•added 2021/12/09 5:15 p.m.•69 views

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5CVSS7.7AI score0.00053EPSS

CVE•added 2021/12/09 5:15 p.m.•64 views

CVE-2021-20373

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

7.5CVSS7.4AI score0.00073EPSS

CVE•added 2021/03/11 4:15 p.m.•61 views

CVE-2020-5025

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

8.4CVSS7.9AI score0.00306EPSS

CVE•added 2021/03/11 4:15 p.m.•52 views

CVE-2020-5024

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.

7.5CVSS7.1AI score0.01607EPSS

CVE•added 2021/03/11 4:15 p.m.•44 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

5.1CVSS5.4AI score0.00086EPSS

CVE•added 2021/05/26 5:15 p.m.•40 views

CVE-2019-4588

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.

7.8CVSS7.8AI score0.00116EPSS