Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36427

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 Jan, 2026 | 21:27
Updated At-04 Feb, 2026 | 17:27
Rejected At-
Credits

IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 Jan, 2026 | 21:27
Updated At:04 Feb, 2026 | 17:27
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.

Affected Products
Vendor
IBM CorporationIBM
Product
Db2 for Linux, UNIX and Windows
CPEs
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*
  • cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*
  • cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*
  • cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:linux:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:unix:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:zos:*:*
Default Status
unaffected
Versions
Affected
  • From 11.5.0 through 11.5.9 (semver)
  • From 12.1.0 through 12.1.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1284CWE-1284 Improper Validation of Specified Quantity in Input
Type: CWE
CWE ID: CWE-1284
Description: CWE-1284 Improper Validation of Specified Quantity in Input
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Customers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2, and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.   ReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 V12.1   TBD   https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads Special Build #71609 or later for V12.1.3 available at this link: https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7257696
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7257696
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 Jan, 2026 | 22:15
Updated At:11 Feb, 2026 | 20:57

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
IBM Corporation
ibm
>>db2>>Versions from 11.5.0(inclusive) to 11.5.9(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
IBM Corporation
ibm
>>db2>>Versions from 11.5.0(inclusive) to 11.5.9(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*
IBM Corporation
ibm
>>db2>>Versions from 11.5.0(inclusive) to 11.5.9(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*
IBM Corporation
ibm
>>db2>>Versions from 12.1.0(inclusive) to 12.1.3(inclusive)
cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-1284Secondarypsirt@us.ibm.com
CWE ID: CWE-1284
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7257696psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7257696
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2024-31881
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.95%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 18:21
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-32341
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.59%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:58
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator denial of service

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22404
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.73%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 16:45
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterprise_certified_containerApp Connect Enterprise Certified Container
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-4869
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.71%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 17:10
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-31006
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.64%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 01:05
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container denial of service

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-4590
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 63.06%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 14:55
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server Liberty
CVE-2020-4781
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.73%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:05
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram SPM
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4511
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:10
Updated-17 Sep, 2024 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CVE-2020-4376
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.63%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 14:25
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.

Action-Not Available
Vendor-IBM Corporation
Product-mq_for_hpe_nonstopMQ for HPE NonStop
CVE-2020-4931
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.68%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 17:20
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.

Action-Not Available
Vendor-IBM Corporation
Product-mqMQ Appliance
CVE-2020-4383
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.68%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 15:30
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-elastic_storage_serverlinux_kernelElastic Storage Server
CVE-2020-4399
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.68%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 20:30
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.

Action-Not Available
Vendor-IBM Corporation
Product-verify_gatewayVerify Gateway (IVG)
CVE-2020-4485
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 12:05
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar Wincollect
CVE-2020-4381
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 12:35
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162.

Action-Not Available
Vendor-IBM Corporation
Product-elastic_storage_serverElastic Storage Server
CVE-2020-4267
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 15:50
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.

Action-Not Available
Vendor-IBM Corporation
Product-mqmq_applianceMQ Appliance
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-4325
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.63%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 14:20
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_automationprocess_federation_serverAutomation Workstream Services in Cloud Pak for AutomationProcess Federation Server
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-4200
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 15:15
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixdb2windowslinux_kernelDB2 for Linux- UNIX and Windows
CVE-2020-4320
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 38.89%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 13:45
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowsmqaixMQ
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-4161
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 63.06%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 15:15
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixdb2windowslinux_kernelDB2 for Linux- UNIX and Windows
CVE-2022-22389
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 16:45
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

Action-Not Available
Vendor-opengroupIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsunixdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38316
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 22:30
Updated-06 Mar, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Shares Denial of Service

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_sharesAspera Shares
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-22323
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.57% / 68.04%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 15:20
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-security_verify_password_synchronizationactive_directorySecurity Verify Password Synchronization Plug-in for Windows AD
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22316
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 16:20
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CVE-2022-22312
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.57% / 68.04%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 15:20
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-security_verify_password_synchronizationactive_directorySecurity Verify Password Synchronization Plug-in for Windows AD
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22482
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 16:25
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-30443
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.00%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 01:04
Updated-31 Jan, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-hp-uxwindowssolarisaixlinux_kerneldb2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-28955
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 01:09
Updated-25 Oct, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Knowledge Catalog denial of service

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.

Action-Not Available
Vendor-IBM Corporation
Product-watson_knowledge_catalog_on_cloud_pak_for_dataWatson Knowledge Catalog on Cloud Pak for Data
CWE ID-CWE-20
Improper Input Validation
CVE-2024-22332
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:54
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Integration Bus for z/OS denial of service

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.

Action-Not Available
Vendor-IBM Corporation
Product-integration_busIntegration Bus for z/OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-22360
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.24%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 12:32
Updated-27 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25927
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.69%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 17:38
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access denial of service

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-20
Improper Input Validation
CVE-2025-36442
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.49%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:18
Updated-05 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2025-33132
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:57
Updated-06 Nov, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixwindowslinux_on_ibm_zlinux_kerneldb2_high_performance_unload_loadDB2 High Performance Unload
CWE ID-CWE-467
Use of sizeof() on a Pointer Type
CVE-2025-3631
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.04%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 18:37
Updated-18 Aug, 2025 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQMQ Appliance
CWE ID-CWE-416
Use After Free
CVE-2025-33096
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.38%
||
7 Day CHG+0.08%
Published-12 Oct, 2025 | 13:31
Updated-16 Oct, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management Doors Next denial of service

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsaixengineering_requirements_management_doors_nextEngineering Requirements Management Doors Next
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-36070
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-33131
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:56
Updated-06 Nov, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixwindowslinux_on_ibm_zlinux_kerneldb2_high_performance_unload_loadDB2 High Performance Unload
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-36098
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36071
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.40%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 18:27
Updated-07 Aug, 2025 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2IBM Db2
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-36387
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.22%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-05 Feb, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36010
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 18:13
Updated-06 Aug, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux denial of service

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-833
Deadlock
CVE-2025-36008
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.34%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 18:57
Updated-19 Nov, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-33126
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:56
Updated-05 Nov, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-db2_high_performance_unload_loadwindowsaixlinux_kernellinux_on_ibm_zDB2 High Performance Unload
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2025-36140
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 22:11
Updated-10 Dec, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM watsonx.data Denial of Service

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.datawatsonx.data
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-33133
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:57
Updated-06 Nov, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixwindowslinux_on_ibm_zlinux_kerneldb2_high_performance_unload_loadDB2 High Performance Unload
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-36006
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 19:04
Updated-19 Nov, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-36366
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.83%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-05 Feb, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2025-36001
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:28
Updated-05 Feb, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-43902
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 20:44
Updated-06 Mar, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ
CVE-2021-38974
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.22%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:35
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CVE-2021-38937
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 17:50
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.

Action-Not Available
Vendor-IBM Corporation
Product-powervm_hypervisorPowerVM Hypervisor
Details not found