Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1977

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.

Published

2018-12-14T16:29:00.283

Last Modified

2024-11-21T04:00:41.153

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm db2 11.1 Yes
Operating System linux linux_kernel - No
Application ibm db2 11.1 Yes
Operating System microsoft windows - No
References