Db2@11.1 Security Vulnerabilities and Issues — Db2@11.1 CVE List

Lucene search

IbmDb211.1

11 matches found

CVE•added 2021/06/24 7:15 p.m.•86 views

CVE-2021-20579

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.

6.5CVSS6.8AI score0.00355EPSS

CVE•added 2021/06/24 7:15 p.m.•80 views

CVE-2021-29703

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.

7.5CVSS7.2AI score0.00642EPSS

CVE•added 2021/06/24 7:15 p.m.•79 views

CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.

6.5CVSS6.5AI score0.00414EPSS

CVE•added 2021/12/09 5:15 p.m.•77 views

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

8.7CVSS8AI score0.00097EPSS

CVE•added 2021/12/09 5:15 p.m.•72 views

CVE-2021-38931

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

6.5CVSS6.5AI score0.00092EPSS

CVE•added 2021/12/09 5:15 p.m.•69 views

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.

5.5CVSS6.5AI score0.00057EPSS

CVE•added 2021/12/09 5:15 p.m.•69 views

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5CVSS7.7AI score0.00053EPSS

CVE•added 2021/12/09 5:15 p.m.•64 views

CVE-2021-20373

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

7.5CVSS7.4AI score0.00073EPSS

CVE•added 2021/09/16 4:15 p.m.•49 views

CVE-2021-29763

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.

5.1CVSS5.6AI score0.00056EPSS

CVE•added 2021/09/16 4:15 p.m.•49 views

CVE-2021-29825

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

7.5CVSS7.1AI score0.00299EPSS

CVE•added 2021/05/26 5:15 p.m.•40 views

CVE-2019-4588

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.

7.8CVSS7.8AI score0.00116EPSS