fkie_cve-2024-52894
Vulnerability from fkie_nvd
Published
2025-07-29 19:15
Modified
2025-08-07 00:28
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240953 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "385D4613-C252-4075-8485-55B8E32DC970", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "9DD542DB-0839-4057-8551-55154788182A", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D9ED6DEF-712F-4BB0-8676-D5DB6A269EBF", "versionEndIncluding": "10.5.0.11", "versionStartIncluding": "10.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "5971CCFD-FB34-4216-8A87-A4310EF34F23", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "960AA97F-0D2C-4B33-9754-69BC28399BCE", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "matchCriteriaId": "5D256132-BDD1-4EE8-95CE-D8F6F1A34085", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "matchCriteriaId": "7C549B0C-9BA1-4287-8734-62B6E76D2C5E", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B546C523-9A9C-4555-8A2E-2E7D1676F695", "versionEndIncluding": "12.1.2", "versionStartIncluding": "12.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5.0.0 a 10.5.0.11, 11.1.0 a 11.1.4.7, 11.5.0 a 11.5.9 y 12.1.0 a 12.1.2 es vulnerable a una denegaci\u00f3n de servicio, ya que el servidor puede bloquearse en determinadas condiciones con una consulta especialmente manipulada." } ], "id": "CVE-2024-52894", "lastModified": "2025-08-07T00:28:38.390", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-07-29T19:15:44.670", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7240953" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…