Lucene search

IbmVULNRICHMENT:CVE-2023-52296

HistoryApr 03, 2024 - 12:30 p.m.

CVE-2023-52296 IBM Db2 for Linux, UNIX and Windows denial of service

2024-04-0312:30:40

CWE-20

ibm

github.com

ibm

db2

11.5

denial of service

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "Db2 for Linux, UNIX and Windows",
    "versions": [
      {
        "status": "affected",
        "version": "11.5"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/278547

security.netapp.com/advisory/ntap-20240517-0003/

www.ibm.com/support/pages/node/7145722

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for VULNRICHMENT:CVE-2023-52296