CVE-2023-27559

MEDIUM 5.3

IBM Db2 denial of service

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

CWE	CWE-20
Vendor	ibm
Product	db2 for linux, unix and windows
Published	Apr 26, 2023
Last Updated	Nov 21, 2024

Stay Ahead of the Next One

Get instant alerts for ibm db2 for linux, unix and windows

Be the first to know when new medium vulnerabilities affecting ibm db2 for linux, unix and windows are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

IBM / Db2 for Linux, UNIX and Windows

10.5, 11.1, 11.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

ibm.com: https://www.ibm.com/support/pages/node/6985667 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/249196 security.netapp.com: https://security.netapp.com/advisory/ntap-20230511-0010/