Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm db2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial informatio...
Medhost Connex -
9.1
CVSSv3
CVE-2018-1426
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
Ibm Db2 10.1
Ibm Db2 11.1
Ibm Db2 10.5
Ibm Db2 9.7
8.8
CVSSv3
CVE-2023-27867
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated malicious user to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker coul...
Ibm Db2 10.5.0.11
Ibm Db2 11.1.4.7
Ibm Db2 11.5
8.8
CVSSv3
CVE-2023-27868
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request...
Ibm Db2 10.5.0.11
Ibm Db2 11.1.4.7
Ibm Db2 11.5
8.8
CVSSv3
CVE-2023-27869
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile proper...
Ibm Db2 10.5.0.11
Ibm Db2 11.1.4.7
Ibm Db2 11.5
8.8
CVSSv3
CVE-2022-41296
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
Ibm Db2 3.5
Ibm Db2 4.5
Ibm Db2 4.0
Ibm Db2 Warehouse 3.5
Ibm Db2 Warehouse 4.5
Ibm Db2 Warehouse 4.0
8.7
CVSSv3
CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.
Ibm Db2 9.7
Ibm Db2 10.1
Ibm Db2 10.5
Ibm Db2 11.1
Ibm Db2 11.5
Netapp Oncommand Insight -
8.1
CVSSv3
CVE-2020-4945
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.
Ibm Db2 11.5
8.1
CVSSv3
CVE-2016-10577
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db prior to 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested b...
Ibm Ibm Db
7.8
CVSSv3
CVE-2024-22346
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
Ibm I 7.3
Ibm I 7.4
Ibm I 7.5
Ibm I 7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »