db2

9.7

MAJOR_MINOR 2 CVEs

10.1

MAJOR_MINOR 2 CVEs

10.5

MAJOR_MINOR 4 CVEs

11.5

MAJOR_MINOR 3 CVEs

11.1

MAJOR_MINOR 4 CVEs

10.5, 11.1, 11.5

OTHER 1 CVE

CVE-2024-40679

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.

MEDIUM Jan 08, 2025

CVE-2023-38729

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

MEDIUM Apr 03, 2024

CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

HIGH Jan 07, 2024

CVE-2019-4014

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.

HIGH Apr 03, 2019

CVE-2018-1936

IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.

HIGH Apr 03, 2019