IbmVULNRICHMENT:CVE-2024-31882CVE-2024-31882 IBM Db2 denial of service
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
14.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*"
],
"vendor": "IBM",
"product": "Db2 for Linux, UNIX and Windows",
"versions": [
{
"status": "affected",
"version": "11.1, 11.5"
}
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
14.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial