CVE-2024-35136

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/291307	Vendor Advisory
https://www.ibm.com/support/pages/node/7165341	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2::::::aix::*
	cpe:2.3:a:ibm:db2::::::hp-ux::*
	cpe:2.3:a:ibm:db2::::::linux::*
	cpe:2.3:a:ibm:db2::::::unix::*
	cpe:2.3:a:ibm:db2::::::windows::*
	cpe:2.3:a:ibm:db2::::::aix::*
	cpe:2.3:a:ibm:db2::::::hp-ux::*
	cpe:2.3:a:ibm:db2::::::linux::*
	cpe:2.3:a:ibm:db2::::::unix::*
	cpe:2.3:a:ibm:db2::::::windows::*
	cpe:2.3:a:ibm:db2::::::aix::*
	cpe:2.3:a:ibm:db2::::::hp-ux::*
	cpe:2.3:a:ibm:db2::::::linux::*
	cpe:2.3:a:ibm:db2::::::unix::*
	cpe:2.3:a:ibm:db2::::::windows::*

History

21 Sep 2024, 10:15

Type	Values Removed	Values Added
Summary	(en) IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 291307.	(en) IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

23 Aug 2024, 19:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:db2::::::aix::* cpe:2.3:a:ibm:db2::::::unix::* cpe:2.3:a:ibm:db2::::::hp-ux::* cpe:2.3:a:ibm:db2::::::linux::* cpe:2.3:a:ibm:db2::::::windows::*
First Time		Ibm Ibm db2
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 6.5
Summary		(es) El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegación de servicio con una consulta especialmente manipulada bajo ciertas condiciones. ID de IBM X-Force: 291307.
CWE		NVD-CWE-noinfo
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/291307 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/291307 - Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7165341 -~~	() https://www.ibm.com/support/pages/node/7165341 - Vendor Advisory

14 Aug 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-14 18:15

Updated : 2024-09-21 10:15

NVD link : CVE-2024-35136

Mitre link : CVE-2024-35136

CVE.ORG link : CVE-2024-35136

JSON object : View

Products Affected

ibm

CWE

NVD-CWE-noinfo CWE-943

Improper Neutralization of Special Elements in Data Query Logic

{"id": "CVE-2024-35136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2024-08-14T18:15:11.723", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291307", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7165341", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-943"}]}], "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307."}, {"lang": "es", "value": " El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegaci\u00f3n de servicio con una consulta especialmente manipulada bajo ciertas condiciones. ID de IBM X-Force: 291307."}], "lastModified": "2024-09-21T10:15:05.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "vulnerable": true, "matchCriteriaId": "19102F56-7E0F-4D9D-A77D-72262D455D3E", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:hp-ux:*:*", "vulnerable": true, "matchCriteriaId": "6749F2F7-22EA-4E19-A4F5-267CAF5D2647", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "A58F19B6-2B8C-49E5-83E8-5C370F21A990", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "CD93325D-7FD5-4EFE-9EFC-5656863269AB", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "523277B7-CC33-487B-9315-A783D03EC1BB", "versionEndIncluding": "10.5.11", "versionStartIncluding": "10.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "vulnerable": true, "matchCriteriaId": "51CDD6A3-B1B6-4A21-AC60-2BC4761B527C", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:hp-ux:*:*", "vulnerable": true, "matchCriteriaId": "0CCA3A21-1719-41E4-9398-8228A4F93AA7", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "09EB63CF-B13D-4BB6-9554-F7C243A95F10", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "0DDA0DE9-A4AD-41D8-9649-3303569EA9A4", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "9907B0C1-3852-43B3-88D3-269DA5D3B5FA", "versionEndIncluding": "11.1.4.7", "versionStartIncluding": "11.1.4"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:aix:*:*", "vulnerable": true, "matchCriteriaId": "35FE6D87-9C5F-446E-8953-8A3B2FCD0A53", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:hp-ux:*:*", "vulnerable": true, "matchCriteriaId": "A316FF22-DA43-4207-BEA8-580B157C807D", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27", "versionEndIncluding": "11.5.9", "versionStartIncluding": "11.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

6.5 /10