Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Db2  >> 11.1.4.4  Security Vulnerabilities
CVE-2023-47145
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-01-07
CVE-2023-40687
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-04
CVE-2023-29258
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-04
CVE-2023-38727
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-04
CVE-2023-47701
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-12-04
CVE-2020-4976
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.
CVSS Score
5.1
EPSS Score
0.001
Published
2021-03-11
CVE-2020-5024
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-03-11
CVE-2020-5025
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.
CVSS Score
8.4
EPSS Score
0.003
Published
2021-03-11
CVE-2019-4386
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-07-01
CVE-2019-4101
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.
CVSS Score
6.2
EPSS Score
0.001
Published
2019-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved