Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36319

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 Jun, 2026 | 20:23
Updated At-01 Jul, 2026 | 15:45
Rejected At-
Credits

Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 Jun, 2026 | 20:23
Updated At:01 Jul, 2026 | 15:45
Rejected At:
▼CVE Numbering Authority (CNA)
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

Affected Products
Vendor
IBM CorporationIBM
Product
watsonx.data intelligence
CPEs
  • cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Versions
Affected
  • 5.2.0, 5.2.1, 5.2.2, 5.3.0
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770 Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-770
Description: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence IBM strongly advises upgrading as soon as possible

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/pages/node/7277801
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7277801
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 Jun, 2026 | 21:16
Updated At:01 Jul, 2026 | 17:16

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-770Secondarypsirt@us.ibm.com
CWE ID: CWE-770
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7277801psirt@us.ibm.com
N/A
Hyperlink: https://www.ibm.com/support/pages/node/7277801
Source: psirt@us.ibm.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

139Records found

CVE-2024-38316
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 27.43%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 22:30
Updated-06 Mar, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Shares Denial of Service

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_sharesAspera Shares
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-28760
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 36.46%
||
7 Day CHG~0.00%
Published-11 May, 2024 | 13:00
Updated-07 Jan, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise denial of service

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseApp Connect Enterprise
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36091
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 22.84%
||
7 Day CHG+0.03%
Published-03 Nov, 2025 | 15:14
Updated-05 Nov, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Business Automation Insights unverified ownership

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_business_automationCloud Pak For Business Automation
CWE ID-CWE-283
Unverified Ownership
CVE-2022-43903
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 44.67%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 23:49
Updated-26 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43908
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 44.67%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:56
Updated-21 Oct, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-20
Improper Input Validation
CVE-2024-56343
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 21.24%
||
7 Day CHG+0.01%
Published-06 Jun, 2025 | 01:28
Updated-24 Aug, 2025 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Verify Identity Access Digital Credentials denial of service

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

Action-Not Available
Vendor-IBM Corporation
Product-verify_identity_access_digital_credentialsVerify Identity Access Digital Credentials
CWE ID-CWE-771
Missing Reference to Active Allocated Resource
CVE-2024-52362
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.82%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 14:04
Updated-01 Sep, 2025 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise Certified Container denial of service

IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_operatorapp_connect_enterprise_certified_containers_operandsApp Connect Enterprise Certified Container
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2019-4655
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.20% / 64.43%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 15:35
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966.

Action-Not Available
Vendor-IBM Corporation
Product-mqmq_applianceMQ
CVE-2019-4194
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.36% / 68.37%
||
7 Day CHG+0.04%
Published-17 Jul, 2019 | 14:05
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_for_service_managementJazz for Service Management
CVE-2019-4533
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.02% / 59.26%
||
7 Day CHG~0.00%
Published-28 Aug, 2020 | 14:35
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to a insufficient input validation. IBM X-Force ID: 165589.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-resilient_security_orchestration_automation_and_responselinuxResilient SOAR
CWE ID-CWE-20
Improper Input Validation
CVE-2025-13212
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.62%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 19:54
Updated-17 Mar, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Console Denial of Service

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaspera_consolewindowsAspera Console
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2021-20372
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.21% / 64.62%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 18:05
Updated-16 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling File Gateway
CVE-2026-6053
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 0.96%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:10
Updated-29 May, 2026 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36387
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.74%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-05 Feb, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36099
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.30% / 21.61%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 18:20
Updated-03 Oct, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server denial of service

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36140
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.57%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 22:11
Updated-10 Dec, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM watsonx.data Denial of Service

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.datawatsonx.data
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36035
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 2.41%
||
7 Day CHG~0.00%
Published-14 Sep, 2025 | 12:52
Updated-19 Dec, 2025 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerVM Hypervisor denial of service

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-power_system_s924_\(9009-42a\)power_system_s922_\(9009-22g\)power_system_s1012_\(9028-21b\)power_system_l922_\(9008-22l\)power_system_h922_\(9223-22s\)power_system_s924_\(9009-42g\)power_system_e1050_\(9043-mrx\)power_system_s1022_\(9105-22a\)power_system_s914_\(9009-41a\)power_system_s914_\(9009-41g\)powervm_hypervisorpower_system_s922_\(9009-22a\)power_system_h924_\(9223-42h\)power_system_s1022s_\(9105-22b\)power_system_h922_\(9223-22h\)power_system_s1014_\(9105-41b\)power_system_h924_\(\(9223-42s\)power_system_l1022_\(9786-22h\)power_system_s1024_\(9105-42a\)power_system_e950_\(9040-mr9\)power_system_l1024_\(9786-42h\)power_system_e1080_\(9080-hex\)power_system_e980_\(9080-m9s\)PowerVM Hypervisor
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36098
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 26.72%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36123
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.13% / 3.23%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36047
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.89%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 15:38
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-IBM CorporationApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-websphere_application_serverz\/oswindowsaixilinux_kernelmacosWebSphere Application Server Liberty
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36070
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 27.03%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36136
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 0.83%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 18:45
Updated-19 Nov, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36008
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 16.78%
||
7 Day CHG+0.01%
Published-07 Nov, 2025 | 18:57
Updated-19 Nov, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-3221
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.62%
||
7 Day CHG~0.00%
Published-21 Jun, 2025 | 12:44
Updated-24 Aug, 2025 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-windowsinfosphere_information_serverlinux_kernelaixInfoSphere Information Server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-3050
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 22.03%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 19:13
Updated-26 Aug, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-2668
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 26.68%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2025-25032
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 17:26
Updated-24 Aug, 2025 | 11:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics denial of service

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-Cognos Analytics
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-22404
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 56.60%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 16:45
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-22488
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.47% / 37.63%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 17:02
Updated-28 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenBMC denial of service

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.

Action-Not Available
Vendor-IBM Corporation
Product-power_system_ac922_\(8335-gtx\)power_system_ac922_\(8335-gtg\)power_system_ac922_\(8335-gtg\)_firmwarepower_system_ac922_\(8335-gth\)_firmwarepower_system_ac922_\(8335-gtx\)_firmwarepower_system_ac922_\(8335-gth\)OpenBMC
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-1823
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.22% / 12.05%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 21:07
Updated-12 Feb, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Jazz Reporting Service Denial of Service

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_reporting_serviceJazz Reporting Service
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-0915
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.32%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 20:56
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-27540
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.98% / 57.88%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:22
Updated-25 Oct, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson CP4D Data Stores denial of service

IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftwatson_cp4d_data_storescloud_pak_for_dataWatson CP4D Data Stores
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-1000
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.32%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 20:55
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-54178
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.00%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 13:15
Updated-30 Jun, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2_warehousedb2cloud_pak_for_dataDb2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-1718
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:18
Updated-02 Jun, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernellinux_on_ibm_zdb2Db2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-1376
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.30%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 21:53
Updated-19 Mar, 2026 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i Denial of Service

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-34357
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.21% / 64.69%
||
7 Day CHG~0.00%
Published-24 Feb, 2024 | 15:38
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Analytics Mobile Server denial of service

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510.

Action-Not Available
Vendor-NetApp, Inc.IBM Corporation
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-45669
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 25.95%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 20:06
Updated-17 Sep, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Information Queue denial of service

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_kernelsecurity_verify_information_queueSecurity Verify Information Queue
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-45100
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.53% / 41.04%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 12:22
Updated-16 Jul, 2025 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security QRadar EDR denial of service

IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_qradar_edrSecurity QRadar EDR
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-45662
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2025 | 16:19
Updated-14 Aug, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Safer Payments denial of service

IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-safer_paymentsSafer Payments
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41742
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:03
Updated-16 Jul, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41762
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 30.91%
||
7 Day CHG+0.01%
Published-07 Dec, 2024 | 13:30
Updated-31 Jan, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-40680
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.58%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 14:02
Updated-31 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.

Action-Not Available
Vendor-IBM Corporation
Product-mq_operatorMQ
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38335
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.18% / 7.84%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 17:13
Updated-18 Aug, 2025 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security QRadar Network Threat Analytics denial of service

IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_threat_analyticsSecurity QRadar Network Threat Analytics
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-3632
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.56%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 16:21
Updated-28 Aug, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM 4769 Developers Toolkit denial of service

IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.

Action-Not Available
Vendor-IBM Corporation
Product-4769_developers_toolkit4769 Developers Toolkit
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36122
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.57%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:48
Updated-27 May, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-27556
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.01% / 58.94%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 00:56
Updated-30 Jan, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Safer Payments denial of service

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190.

Action-Not Available
Vendor-IBM Corporation
Product-safer_paymentsSafer Payments
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-35116
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 48.73%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 18:20
Updated-21 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-51461
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 28.03%
||
7 Day CHG+0.03%
Published-11 Apr, 2025 | 01:13
Updated-01 Sep, 2025 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar WinCollect Agent denial of service

IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_wincollectQRadar WinCollect Agent
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41761
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 32.63%
||
7 Day CHG~0.00%
Published-23 Nov, 2024 | 01:57
Updated-31 Jan, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernellinux_on_ibm_zdb2Db2 for Linux, UNIX and Windows
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found