Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-35136

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

Published

2024-08-14T18:15:11.723

Last Modified

2024-09-21T10:15:05.673

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-943
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	db2	≤ 10.5.11	Yes
Application	ibm	db2	≤ 10.5.11	Yes
Application	ibm	db2	≤ 10.5.11	Yes
Application	ibm	db2	≤ 10.5.11	Yes
Application	ibm	db2	≤ 10.5.11	Yes
Application	ibm	db2	≤ 11.1.4.7	Yes
Application	ibm	db2	≤ 11.1.4.7	Yes
Application	ibm	db2	≤ 11.1.4.7	Yes
Application	ibm	db2	≤ 11.1.4.7	Yes
Application	ibm	db2	≤ 11.1.4.7	Yes
Application	ibm	db2	≤ 11.5.9	Yes
Application	ibm	db2	≤ 11.5.9	Yes
Application	ibm	db2	≤ 11.5.9	Yes
Application	ibm	db2	≤ 11.5.9	Yes
Application	ibm	db2	≤ 11.5.9	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/291307 Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/7165341 Vendor Advisory ([email protected])