Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36423

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 Jan, 2026 | 21:27
Updated At-02 Feb, 2026 | 16:31
Rejected At-
Credits

IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 Jan, 2026 | 21:27
Updated At:02 Feb, 2026 | 16:31
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Affected Products
Vendor
IBM CorporationIBM
Product
Db2 for Linux, UNIX and Windows
CPEs
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:linux:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:unix:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:zos:*:*
Default Status
unaffected
Versions
Affected
  • From 12.1.0 through 12.1.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1284CWE-1284 Improper Validation of Specified Quantity in Input
Type: CWE
CWE ID: CWE-1284
Description: CWE-1284 Improper Validation of Specified Quantity in Input
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Customers running any vulnerable modpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.   ReleaseFixed in mod packAPARDownload URLV12.1TBD https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads Special Build #71609 or later for V12.1.3 available at this link: https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7257694
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7257694
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 Jan, 2026 | 22:15
Updated At:05 Feb, 2026 | 19:43

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-1284Primarypsirt@us.ibm.com
CWE ID: CWE-1284
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7257694psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7257694
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

242Records found
CVE-2025-14689
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.84%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 17:12
Updated-18 Feb, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-13867
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.13%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 17:13
Updated-18 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-52901
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.42%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 16:06
Updated-07 Jan, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-3676
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.97%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 12:48
Updated-02 Jun, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_application_performance_managemenCloud APM, Advanced PrivateCloud APM, Base Private
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-1352
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 23:37
Updated-24 Apr, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.

Action-Not Available
Vendor-IBM Corporation
Product-Db2
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-1577
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.82%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:49
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2025-36424
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-11 Feb, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-36092
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.01%
||
7 Day CHG-0.00%
Published-03 Nov, 2025 | 15:15
Updated-05 Nov, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Business Automation Insights improper input validation

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_business_automationCloud Pak For Business Automation
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-36015
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.60%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 21:22
Updated-10 Dec, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Controller Denial of Service

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.

Action-Not Available
Vendor-IBM Corporation
Product-controllercognos_controllerCognos ControllerController
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-36009
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.97%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-11 Feb, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-36407
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.93%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-10 Feb, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-36427
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-11 Feb, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2023-32341
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.22%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:58
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator denial of service

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-30434
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 14:03
Updated-29 Jan, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Scale denial of service

IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleelastic_storage_systemElastic Storage SystemSpectrum Scale
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29267
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.81%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 18:24
Updated-28 Aug, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-399
Not Available
CVE-2023-28527
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 6.99%
||
7 Day CHG~0.00%
Published-09 Dec, 2023 | 02:15
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Informix Dynamic Server buffer overflow

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

Action-Not Available
Vendor-IBM Corporation
Product-informix_dynamic_server_on_cloud_pak_for_datainformix_dynamic_serverInformix Dynamic Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28526
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 6.99%
||
7 Day CHG~0.00%
Published-09 Dec, 2023 | 02:22
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Informix Dynamic Server buffer overflow

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.

Action-Not Available
Vendor-IBM Corporation
Product-informix_dynamic_server_on_cloud_pak_for_datainformix_dynamic_serverInformix Dynamic Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1992
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.31%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 16:54
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-unixlinux_kernelwindowsdb2Db2 for Linux, UNIX and Windows
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-1838
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.40%
||
7 Day CHG~0.00%
Published-03 May, 2025 | 18:23
Updated-28 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Business Automation denial of service

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_business_automationCloud Pak for Business Automation
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2021-29856
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 59.61%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CVE-2021-29714
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.78%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 16:05
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29862
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 19:25
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2023-27279
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.29%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 16:39
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex denial of service

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspexaspera_faspex
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2021-29843
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.78%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 16:50
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CVE-2021-29777
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.96%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:45
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-29899
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.85%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 15:40
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_quality_assistant_on-premisesEngineering Requirements Quality Assistant
CVE-2023-25927
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.20%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 17:38
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access denial of service

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24971
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.80%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 01:16
Updated-18 Oct, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM B2B Advanced Communication denial of service

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.

Action-Not Available
Vendor-IBM Corporation
Product-b2b_advanced_communicationsmulti-enterprise_integration_gatewayB2B Advanced CommunicationsMulti-Enterprise Integration Gateway
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-20490
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.04% / 12.80%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 15:50
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-20573
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 71.50%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 16:10
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199249.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_identity_manager_adapterSecurity Identity Manager Adapters
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-13211
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 14.24%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 19:45
Updated-15 Dec, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Orchestrator Denial of Service

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-aspera_orchestratorlinux_kernelAspera Orchestrator
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2021-20546
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_for_space_managementspectrum_protect_clientSpectrum Protect for Space Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4492
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.37%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 12:55
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-0158
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.71%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 20:32
Updated-08 Jul, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX denial of service

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-windowslinux_kernelentirexEntireX
CWE ID-CWE-248
Uncaught Exception
CVE-2025-1000
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.31%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 20:55
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-0915
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.31%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 20:56
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-55909
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.48%
||
7 Day CHG-0.12%
Published-02 May, 2025 | 00:35
Updated-28 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software denial of service

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-concertlinux_kernelConcert Software
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2024-56468
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.36%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:41
Updated-24 Aug, 2025 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Data Replication VSAM for z/OS Remote Source denial of service

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_data_replicationInfoSphere Data Replication VSAM for z/OS Remote Source
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-6936
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:10
Updated-28 May, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i is Affected by a Denial of Service Vulnerability []

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-54175
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.14%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 16:19
Updated-26 Sep, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2012-4863
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 61.73%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 13:49
Updated-06 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqWebSphere MQ
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6052
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:09
Updated-28 May, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-52906
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.88%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 14:48
Updated-26 Dec, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX denial of service

IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.

Action-Not Available
Vendor-IBM Corporation
Product-AIX
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-52362
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 14:04
Updated-01 Sep, 2025 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise Certified Container denial of service

IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_operatorapp_connect_enterprise_certified_containers_operandsApp Connect Enterprise Certified Container
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2024-52895
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.86%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 14:36
Updated-03 Jul, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i denial of service

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-6051
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.61%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:07
Updated-28 May, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-51470
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 19:56
Updated-15 Aug, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values.

Action-Not Available
Vendor-IBM Corporation
Product-mq_for_hpe_nonstopmq_applianceMQ for HPE NonStopMQMQ Appliance
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-51473
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.31%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 19:02
Updated-17 Aug, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-49823
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.17%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:48
Updated-01 Sep, 2025 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Cryptographic Architecture denial of service

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.

Action-Not Available
Vendor-IBM Corporation
Product-4769 Developers ToolkitCommon Cryptographic Architecture
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49828
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.31%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 19:04
Updated-17 Aug, 2025 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found