Db2@11.1.4.7 Security Vulnerabilities and Issues — Db2@11.1.4.7 CVE List

Lucene search

IbmDb211.1.4.7

12 matches found

CVE•added 2023/07/10 4:15 p.m.•140 views

CVE-2023-30431

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.

8.4CVSS8.2AI score0.0002EPSS

CVE•added 2023/07/10 4:15 p.m.•132 views

CVE-2023-30442

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.

7.5CVSS6.3AI score0.00043EPSS

CVE•added 2023/07/10 4:15 p.m.•119 views

CVE-2023-27558

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected serv...

8.4CVSS7.9AI score0.00016EPSS

CVE•added 2023/07/10 4:15 p.m.•62 views

CVE-2023-30448

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

7.5CVSS6.6AI score0.00039EPSS

CVE•added 2023/07/10 4:15 p.m.•62 views

CVE-2023-30449

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

7.5CVSS7.6AI score0.00039EPSS

CVE•added 2023/07/10 4:15 p.m.•60 views

CVE-2023-27867

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerabil...

8.8CVSS7.2AI score0.001EPSS

CVE•added 2023/07/10 4:15 p.m.•52 views

CVE-2023-30445

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

7.5CVSS7.6AI score0.00039EPSS

CVE•added 2023/07/10 4:15 p.m.•48 views

CVE-2023-30447

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

7.5CVSS6.2AI score0.00039EPSS

CVE•added 2023/07/10 4:15 p.m.•47 views

CVE-2023-27869

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exp...

8.8CVSS7.3AI score0.001EPSS

CVE•added 2023/07/10 4:15 p.m.•46 views

CVE-2023-27868

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginCl...

8.8CVSS7.2AI score0.001EPSS

CVE•added 2023/07/10 4:15 p.m.•44 views

CVE-2023-30446

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .

7.5CVSS6.2AI score0.00039EPSS

CVE•added 2023/07/10 4:15 p.m.•42 views

CVE-2023-29256

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

6.5CVSS5.5AI score0.0003EPSS