Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    796 vulnerabilities found for db2 by ibm

    CVE-2026-7771 (GCVE-0-2026-7771)

    Vulnerability from nvd – Published: 2026-07-17 19:16 – Updated: 2026-07-17 19:16
    VLAI
    Title
    IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7279480 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T19:16:03.169Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7279480"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cbr/\u003eCustomers running any vulnerable modpack level of an affected Program,V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRelease\u003c/td\u003e\u003ctd\u003eFixed in mod pack\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eDownload URL\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV11.5\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000DDib/dt469374\" rel=\"nofollow\"\u003eDT469374\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87098 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e12.1.5\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000DDib/dt469374\" rel=\"nofollow\"\u003eDT469374\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003eSpecial Build #87349 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable modpack level of an affected Program,V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URL\n\nV11.5\n\n\n\nTBD\n\n\n\n https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\n12.1.5\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEnsure that the query is applying the predicates as intended.\u003c/p\u003e"
                }
              ],
              "value": "Ensure that the query is applying the predicates as intended."
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7771",
        "datePublished": "2026-07-17T19:16:03.169Z",
        "dateReserved": "2026-05-04T14:17:26.954Z",
        "dateUpdated": "2026-07-17T19:16:03.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9762 (GCVE-0-2026-9762)

    Vulnerability from nvd – Published: 2026-07-17 17:25 – Updated: 2026-07-18 03:55
    VLAI
    Title
    IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7279479 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T03:55:38.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T17:25:53.469Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7279479"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V11.5, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9 and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV11.5\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E5e9/dt471454\" rel=\"nofollow\"\u003eDT471454\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87098 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev12.1.5\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E5e9/dt471454\" rel=\"nofollow\"\u003eDT471454\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87349 or later for V12.1.4 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable modpack level of an affected Program, V11.5, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9 and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.ReleaseFixed in mod packAPARDownload URLV11.5TBDDT471454Special Build #87098 or later for V11.5.9 available at this link:https://www.ibm.com/support/pages/node/7087189V12.1v12.1.5DT471454Special Build #87349 or later for V12.1.4 available at this link:https://www.ibm.com/support/pages/node/7267513IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-9762",
        "datePublished": "2026-07-17T17:25:53.469Z",
        "dateReserved": "2026-05-27T18:39:32.605Z",
        "dateUpdated": "2026-07-18T03:55:38.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11906 (GCVE-0-2026-11906)

    Vulnerability from nvd – Published: 2026-06-30 19:42 – Updated: 2026-07-01 15:53
    VLAI
    Title
    IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277423 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:53:15.458939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:53:31.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in the data query logic of XMLTable-derived columns.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in the data query logic of XMLTable-derived columns."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:42:08.459Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277423"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BsUv/dt466352\" rel=\"nofollow\"\u003eDT466352\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BsUv/dt466352\" rel=\"nofollow\"\u003eDT466352\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-11906",
        "datePublished": "2026-06-30T19:42:08.459Z",
        "dateReserved": "2026-06-10T16:11:41.935Z",
        "dateUpdated": "2026-07-01T15:53:31.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10109 (GCVE-0-2026-10109)

    Vulnerability from nvd – Published: 2026-06-30 20:02 – Updated: 2026-07-01 17:27
    VLAI
    Title
    IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277424 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:56:04.853789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:00.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:02:13.026Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277424"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ECKf/dt471718\" rel=\"nofollow\"\u003eDT471718\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ECKf/dt471718\" rel=\"nofollow\"\u003eDT471718\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10109",
        "datePublished": "2026-06-30T20:02:13.026Z",
        "dateReserved": "2026-05-29T16:58:35.341Z",
        "dateUpdated": "2026-07-01T17:27:00.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36372 (GCVE-0-2025-36372)

    Vulnerability from nvd – Published: 2026-06-30 20:03 – Updated: 2026-07-01 14:29
    VLAI
    Title
    IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277417 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:30.901347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:38.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-538",
                  "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:03:00.050Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277417"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000064Tx/dt452582\" rel=\"nofollow\"\u003eDT452582\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000064Tx/dt452582\" rel=\"nofollow\"\u003eDT452582\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae could disclose sensitive information to an authenticated user from the monitoring and event tables",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUse DB2REMOTE alias. (DB2REMOTE is supported with LBAR only on 12.1 releases)\u003c/p\u003e"
                }
              ],
              "value": "Use DB2REMOTE alias. (DB2REMOTE is supported with LBAR only on 12.1 releases)"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36372",
        "datePublished": "2026-06-30T20:03:00.050Z",
        "dateReserved": "2025-04-15T21:16:56.325Z",
        "dateUpdated": "2026-07-01T14:29:38.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33854 (GCVE-0-2023-33854)

    Vulnerability from nvd – Published: 2026-06-22 14:31 – Updated: 2026-06-23 13:43
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 , ≤ 1.8.4 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T13:41:25.316058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T13:43:26.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T14:31:21.168Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-33854",
        "datePublished": "2026-06-22T14:31:21.168Z",
        "dateReserved": "2023-05-23T00:32:05.085Z",
        "dateUpdated": "2026-06-23T13:43:26.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2669 (GCVE-0-2025-2669)

    Vulnerability from nvd – Published: 2026-06-22 13:18 – Updated: 2026-06-22 14:12
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T14:12:17.648473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T14:12:31.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:18:42.153Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.ProductFixed in Fix PackInstructionsIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Datav5.4Db2 Warehouse:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgradingDb2:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2669",
        "datePublished": "2026-06-22T13:18:42.153Z",
        "dateReserved": "2025-03-22T13:41:34.517Z",
        "dateUpdated": "2026-06-22T14:12:31.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54178 (GCVE-0-2024-54178)

    Vulnerability from nvd – Published: 2026-06-22 13:15 – Updated: 2026-06-22 16:07
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:07:21.703365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:07:26.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:15:30.011Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-54178",
        "datePublished": "2026-06-22T13:15:30.011Z",
        "dateReserved": "2024-11-30T14:47:55.533Z",
        "dateUpdated": "2026-06-22T16:07:26.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6938 (GCVE-0-2026-6938)

    Vulnerability from nvd – Published: 2026-05-27 13:11 – Updated: 2026-05-27 14:45
    VLAI
    Title
    IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query
    Summary
    IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273559 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:45:23.148553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:45:33.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:11:31.279Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273559"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000CfaT/dt468154\" rel=\"nofollow\"\u003eDT468154\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URL\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to authorization bypass when uploading to a remote object storage path with a special query",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUse LOAD COPY command db2 load from test.del of del replace into t1 copy yes to \u0027DB2REMOTE://\u0027. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE\u003c/p\u003e"
                }
              ],
              "value": "Use LOAD COPY command db2 load from test.del of del replace into t1 copy yes to \u0027DB2REMOTE://\u0027. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6938",
        "datePublished": "2026-05-27T13:11:31.279Z",
        "dateReserved": "2026-04-23T19:16:43.392Z",
        "dateUpdated": "2026-05-27T14:45:33.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6053 (GCVE-0-2026-6053)

    Vulnerability from nvd – Published: 2026-05-27 13:10 – Updated: 2026-05-29 15:32
    VLAI
    Title
    IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273556 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T15:32:03.289212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T15:32:13.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:10:05.402Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273556"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BUkL/dt465436\" rel=\"nofollow\"\u003eDT465436\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BUkL/dt465436\" rel=\"nofollow\"\u003eDT465436\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTurn off intra-parallelism. Ensure sufficient memory available in the application heap to avoid memory allocation from failing.\u003c/p\u003e"
                }
              ],
              "value": "Turn off intra-parallelism. Ensure sufficient memory available in the application heap to avoid memory allocation from failing."
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6053",
        "datePublished": "2026-05-27T13:10:05.402Z",
        "dateReserved": "2026-04-09T22:16:06.393Z",
        "dateUpdated": "2026-05-29T15:32:13.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6052 (GCVE-0-2026-6052)

    Vulnerability from nvd – Published: 2026-05-27 13:09 – Updated: 2026-05-27 15:22
    VLAI
    Title
    IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273557 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:21:52.352065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:22:19.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:09:29.770Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273557"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BcEr/dt465726\" rel=\"nofollow\"\u003eDT465726\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BcEr/dt465726\" rel=\"nofollow\"\u003eDT465726\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to running out of memory when executing certain queries with MDC tables",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDo not use Multi-Clustering-Dimensional (MDC) tables\u003c/p\u003e"
                }
              ],
              "value": "Do not use Multi-Clustering-Dimensional (MDC) tables"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6052",
        "datePublished": "2026-05-27T13:09:29.770Z",
        "dateReserved": "2026-04-09T22:08:53.174Z",
        "dateUpdated": "2026-05-27T15:22:19.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6051 (GCVE-0-2026-6051)

    Vulnerability from nvd – Published: 2026-05-27 13:07 – Updated: 2026-05-27 14:41
    VLAI
    Title
    IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273558 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:38:57.077391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:41:58.407Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:07:47.761Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273558"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BxZR/dt466547\" rel=\"nofollow\"\u003eDT466547\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BxZR/dt466547\" rel=\"nofollow\"\u003eDT466547\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when executing a specially crafted query with a small statement heap",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e1) Increase statement heap by setting larger STMTHEAP.\u003c/p\u003e\u003cp\u003eor\u003c/p\u003e\u003cp\u003e2) Reduce optimization level to 0. The user can append a optimizer guideline to the query:\u003c/p\u003e\u003cp\u003e\u0026lt;query\u0026gt;\u003c/p\u003e\u003cp\u003e/* \u0026lt;OPTGUIDELINES\u0026gt;\u003c/p\u003e\u003cp\u003e\u00a0\u00a0\u0026lt;QRYOPT VALUE=\u00270\u0027/\u0026gt;\u003c/p\u003e\u003cp\u003e\u0026lt;/OPTGUIDELINES\u0026gt; */\u003c/p\u003e"
                }
              ],
              "value": "1) Increase statement heap by setting larger STMTHEAP.\n\n\n\nor\n\n\n\n2) Reduce optimization level to 0. The user can append a optimizer guideline to the query:\n\n\n\n\u003cquery\u003e\n\n\n\n/* \u003cOPTGUIDELINES\u003e\n\n\n\n\u00a0\u00a0\u003cQRYOPT VALUE=\u00270\u0027/\u003e\n\n\n\n\u003c/OPTGUIDELINES\u003e */"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6051",
        "datePublished": "2026-05-27T13:07:47.761Z",
        "dateReserved": "2026-04-09T21:45:54.618Z",
        "dateUpdated": "2026-05-27T14:41:58.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1718 (GCVE-0-2026-1718)

    Vulnerability from nvd – Published: 2026-05-27 12:18 – Updated: 2026-05-27 15:00
    VLAI
    Title
    IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273555 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:58:14.515036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:00:16.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:18:40.738Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273555"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000093WX/dt459656\" rel=\"nofollow\"\u003eDT459656\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000093WX/dt459656\" rel=\"nofollow\"\u003eDT459656\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eremove AUTONOMOUS from procedure define\u003c/p\u003e"
                }
              ],
              "value": "remove AUTONOMOUS from procedure define"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-1718",
        "datePublished": "2026-05-27T12:18:40.738Z",
        "dateReserved": "2026-01-30T19:11:27.471Z",
        "dateUpdated": "2026-05-27T15:00:16.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7771 (GCVE-0-2026-7771)

    Vulnerability from cvelistv5 – Published: 2026-07-17 19:16 – Updated: 2026-07-17 19:16
    VLAI
    Title
    IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7279480 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T19:16:03.169Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7279480"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cbr/\u003eCustomers running any vulnerable modpack level of an affected Program,V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRelease\u003c/td\u003e\u003ctd\u003eFixed in mod pack\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eDownload URL\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV11.5\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000DDib/dt469374\" rel=\"nofollow\"\u003eDT469374\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87098 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e12.1.5\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000DDib/dt469374\" rel=\"nofollow\"\u003eDT469374\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003eSpecial Build #87349 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable modpack level of an affected Program,V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URL\n\nV11.5\n\n\n\nTBD\n\n\n\n https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\n12.1.5\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEnsure that the query is applying the predicates as intended.\u003c/p\u003e"
                }
              ],
              "value": "Ensure that the query is applying the predicates as intended."
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7771",
        "datePublished": "2026-07-17T19:16:03.169Z",
        "dateReserved": "2026-05-04T14:17:26.954Z",
        "dateUpdated": "2026-07-17T19:16:03.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9762 (GCVE-0-2026-9762)

    Vulnerability from cvelistv5 – Published: 2026-07-17 17:25 – Updated: 2026-07-18 03:55
    VLAI
    Title
    IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7279479 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T03:55:38.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T17:25:53.469Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7279479"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V11.5, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9 and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV11.5\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E5e9/dt471454\" rel=\"nofollow\"\u003eDT471454\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87098 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev12.1.5\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E5e9/dt471454\" rel=\"nofollow\"\u003eDT471454\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #87349 or later for V12.1.4 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable modpack level of an affected Program, V11.5, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9 and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.ReleaseFixed in mod packAPARDownload URLV11.5TBDDT471454Special Build #87098 or later for V11.5.9 available at this link:https://www.ibm.com/support/pages/node/7087189V12.1v12.1.5DT471454Special Build #87349 or later for V12.1.4 available at this link:https://www.ibm.com/support/pages/node/7267513IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-9762",
        "datePublished": "2026-07-17T17:25:53.469Z",
        "dateReserved": "2026-05-27T18:39:32.605Z",
        "dateUpdated": "2026-07-18T03:55:38.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36372 (GCVE-0-2025-36372)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:03 – Updated: 2026-07-01 14:29
    VLAI
    Title
    IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277417 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:30.901347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:38.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-538",
                  "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:03:00.050Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277417"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000064Tx/dt452582\" rel=\"nofollow\"\u003eDT452582\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000064Tx/dt452582\" rel=\"nofollow\"\u003eDT452582\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae could disclose sensitive information to an authenticated user from the monitoring and event tables",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUse DB2REMOTE alias. (DB2REMOTE is supported with LBAR only on 12.1 releases)\u003c/p\u003e"
                }
              ],
              "value": "Use DB2REMOTE alias. (DB2REMOTE is supported with LBAR only on 12.1 releases)"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36372",
        "datePublished": "2026-06-30T20:03:00.050Z",
        "dateReserved": "2025-04-15T21:16:56.325Z",
        "dateUpdated": "2026-07-01T14:29:38.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10109 (GCVE-0-2026-10109)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:02 – Updated: 2026-07-01 17:27
    VLAI
    Title
    IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277424 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:56:04.853789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:00.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:02:13.026Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277424"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ECKf/dt471718\" rel=\"nofollow\"\u003eDT471718\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000ECKf/dt471718\" rel=\"nofollow\"\u003eDT471718\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-10109",
        "datePublished": "2026-06-30T20:02:13.026Z",
        "dateReserved": "2026-05-29T16:58:35.341Z",
        "dateUpdated": "2026-07-01T17:27:00.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11906 (GCVE-0-2026-11906)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:42 – Updated: 2026-07-01 15:53
    VLAI
    Title
    IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277423 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:53:15.458939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:53:31.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in the data query logic of XMLTable-derived columns.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in the data query logic of XMLTable-derived columns."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:42:08.459Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277423"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BsUv/dt466352\" rel=\"nofollow\"\u003eDT466352\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BsUv/dt466352\" rel=\"nofollow\"\u003eDT466352\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-11906",
        "datePublished": "2026-06-30T19:42:08.459Z",
        "dateReserved": "2026-06-10T16:11:41.935Z",
        "dateUpdated": "2026-07-01T15:53:31.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33854 (GCVE-0-2023-33854)

    Vulnerability from cvelistv5 – Published: 2026-06-22 14:31 – Updated: 2026-06-23 13:43
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 , ≤ 1.8.4 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T13:41:25.316058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T13:43:26.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T14:31:21.168Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-33854",
        "datePublished": "2026-06-22T14:31:21.168Z",
        "dateReserved": "2023-05-23T00:32:05.085Z",
        "dateUpdated": "2026-06-23T13:43:26.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2669 (GCVE-0-2025-2669)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:18 – Updated: 2026-06-22 14:12
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T14:12:17.648473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T14:12:31.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:18:42.153Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.ProductFixed in Fix PackInstructionsIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Datav5.4Db2 Warehouse:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgradingDb2:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2669",
        "datePublished": "2026-06-22T13:18:42.153Z",
        "dateReserved": "2025-03-22T13:41:34.517Z",
        "dateUpdated": "2026-06-22T14:12:31.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54178 (GCVE-0-2024-54178)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:15 – Updated: 2026-06-22 16:07
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:07:21.703365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:07:26.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:15:30.011Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-54178",
        "datePublished": "2026-06-22T13:15:30.011Z",
        "dateReserved": "2024-11-30T14:47:55.533Z",
        "dateUpdated": "2026-06-22T16:07:26.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6938 (GCVE-0-2026-6938)

    Vulnerability from cvelistv5 – Published: 2026-05-27 13:11 – Updated: 2026-05-27 14:45
    VLAI
    Title
    IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query
    Summary
    IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273559 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:45:23.148553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:45:33.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:11:31.279Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273559"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000CfaT/dt468154\" rel=\"nofollow\"\u003eDT468154\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URL\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to authorization bypass when uploading to a remote object storage path with a special query",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUse LOAD COPY command db2 load from test.del of del replace into t1 copy yes to \u0027DB2REMOTE://\u0027. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE\u003c/p\u003e"
                }
              ],
              "value": "Use LOAD COPY command db2 load from test.del of del replace into t1 copy yes to \u0027DB2REMOTE://\u0027. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6938",
        "datePublished": "2026-05-27T13:11:31.279Z",
        "dateReserved": "2026-04-23T19:16:43.392Z",
        "dateUpdated": "2026-05-27T14:45:33.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6053 (GCVE-0-2026-6053)

    Vulnerability from cvelistv5 – Published: 2026-05-27 13:10 – Updated: 2026-05-29 15:32
    VLAI
    Title
    IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273556 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T15:32:03.289212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T15:32:13.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:10:05.402Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273556"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BUkL/dt465436\" rel=\"nofollow\"\u003eDT465436\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BUkL/dt465436\" rel=\"nofollow\"\u003eDT465436\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTurn off intra-parallelism. Ensure sufficient memory available in the application heap to avoid memory allocation from failing.\u003c/p\u003e"
                }
              ],
              "value": "Turn off intra-parallelism. Ensure sufficient memory available in the application heap to avoid memory allocation from failing."
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6053",
        "datePublished": "2026-05-27T13:10:05.402Z",
        "dateReserved": "2026-04-09T22:16:06.393Z",
        "dateUpdated": "2026-05-29T15:32:13.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6052 (GCVE-0-2026-6052)

    Vulnerability from cvelistv5 – Published: 2026-05-27 13:09 – Updated: 2026-05-27 15:22
    VLAI
    Title
    IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273557 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:21:52.352065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:22:19.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:09:29.770Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273557"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BcEr/dt465726\" rel=\"nofollow\"\u003eDT465726\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BcEr/dt465726\" rel=\"nofollow\"\u003eDT465726\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to running out of memory when executing certain queries with MDC tables",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDo not use Multi-Clustering-Dimensional (MDC) tables\u003c/p\u003e"
                }
              ],
              "value": "Do not use Multi-Clustering-Dimensional (MDC) tables"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6052",
        "datePublished": "2026-05-27T13:09:29.770Z",
        "dateReserved": "2026-04-09T22:08:53.174Z",
        "dateUpdated": "2026-05-27T15:22:19.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6051 (GCVE-0-2026-6051)

    Vulnerability from cvelistv5 – Published: 2026-05-27 13:07 – Updated: 2026-05-27 14:41
    VLAI
    Title
    IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273558 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:38:57.077391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:41:58.407Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T13:07:47.761Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273558"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BxZR/dt466547\" rel=\"nofollow\"\u003eDT466547\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BxZR/dt466547\" rel=\"nofollow\"\u003eDT466547\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service when executing a specially crafted query with a small statement heap",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e1) Increase statement heap by setting larger STMTHEAP.\u003c/p\u003e\u003cp\u003eor\u003c/p\u003e\u003cp\u003e2) Reduce optimization level to 0. The user can append a optimizer guideline to the query:\u003c/p\u003e\u003cp\u003e\u0026lt;query\u0026gt;\u003c/p\u003e\u003cp\u003e/* \u0026lt;OPTGUIDELINES\u0026gt;\u003c/p\u003e\u003cp\u003e\u00a0\u00a0\u0026lt;QRYOPT VALUE=\u00270\u0027/\u0026gt;\u003c/p\u003e\u003cp\u003e\u0026lt;/OPTGUIDELINES\u0026gt; */\u003c/p\u003e"
                }
              ],
              "value": "1) Increase statement heap by setting larger STMTHEAP.\n\n\n\nor\n\n\n\n2) Reduce optimization level to 0. The user can append a optimizer guideline to the query:\n\n\n\n\u003cquery\u003e\n\n\n\n/* \u003cOPTGUIDELINES\u003e\n\n\n\n\u00a0\u00a0\u003cQRYOPT VALUE=\u00270\u0027/\u003e\n\n\n\n\u003c/OPTGUIDELINES\u003e */"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-6051",
        "datePublished": "2026-05-27T13:07:47.761Z",
        "dateReserved": "2026-04-09T21:45:54.618Z",
        "dateUpdated": "2026-05-27T14:41:58.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1718 (GCVE-0-2026-1718)

    Vulnerability from cvelistv5 – Published: 2026-05-27 12:18 – Updated: 2026-05-27 15:00
    VLAI
    Title
    IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure
    Summary
    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7273555 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
    Affected: 12.1.0 , ≤ 12.1.4 (semver)
        cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:58:14.515036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T15:00:16.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
              ],
              "product": "Db2",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.9",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:18:40.738Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7273555"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000093WX/dt459656\" rel=\"nofollow\"\u003eDT459656\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #81937 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ00000093WX/dt459656\" rel=\"nofollow\"\u003eDT459656\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #83501 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
            }
          ],
          "title": "IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eremove AUTONOMOUS from procedure define\u003c/p\u003e"
                }
              ],
              "value": "remove AUTONOMOUS from procedure define"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-1718",
        "datePublished": "2026-05-27T12:18:40.738Z",
        "dateReserved": "2026-01-30T19:11:27.471Z",
        "dateUpdated": "2026-05-27T15:00:16.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2026-AVI-0901

    Vulnerability from certfr_avis - Published: 2026-07-17 - Updated: 2026-07-17

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM WebSphere Application Server WebSphere Application Server Liberty versions antérieures à 26.0.0.8
    IBM Sterling Connect:Direct Sterling Connect:Direct FTP+ versions antérieures à 1.3.0.5
    IBM QRadar QRadar User Behavior Analytics versions antérieures à 6.0.0
    IBM Db2 Db2 Genius Hub & Agentics versions antérieures à 1.1.3
    IBM QRadar QRadar Data Synchronization App versions antérieures à 4.0.0
    IBM QRadar Security QRadar Log Management AQL Plugin versions antérieures à 1.1.7
    IBM Db2 Db2 versions 12.1.x antérieures à 12.1.4
    IBM Sterling Connect:Direct Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.5.iFix020 pour Unix
    IBM Db2 Db2 versions 11.5.x antérieures à 11.5.9
    IBM Sterling Connect:Direct Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.20
    IBM WebSphere Application Server WebSphere Application Server versions 8.5.x antérieures à 8.5.5.31
    IBM Sterling Connect:Direct Sterling Secure Proxy versions antérieures à 6.2.1.2 iFix02
    IBM Sterling Connect:Direct Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.7.iFix015 pour Unix
    IBM WebSphere Application Server WebSphere Application Server versions 9.0.x antérieures à 9.0.5.29
    IBM Sterling Connect:Direct Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.9
    References
    Bulletin de sécurité IBM 7279972 2026-07-14 vendor-advisory
    Bulletin de sécurité IBM 7280010 2026-07-14 vendor-advisory
    Bulletin de sécurité IBM 7279458 2026-07-10 vendor-advisory
    Bulletin de sécurité IBM 7280089 2026-07-15 vendor-advisory
    Bulletin de sécurité IBM 7280183 2026-07-15 vendor-advisory
    Bulletin de sécurité IBM 7280131 2026-07-15 vendor-advisory
    Bulletin de sécurité IBM 7279924 2026-07-13 vendor-advisory
    Bulletin de sécurité IBM 7280105 2026-07-15 vendor-advisory
    Bulletin de sécurité IBM 7279466 2026-07-10 vendor-advisory
    Bulletin de sécurité IBM 7280009 2026-07-14 vendor-advisory
    Bulletin de sécurité IBM 7279973 2026-07-14 vendor-advisory
    Bulletin de sécurité IBM 7279901 2026-07-13 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 26.0.0.8",
          "product": {
            "name": "WebSphere Application Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0.5",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 6.0.0",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Genius Hub \u0026 Agentics versions ant\u00e9rieures \u00e0 1.1.3",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 4.0.0",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.7",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.4",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.5.iFix020 pour Unix",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.20",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.31",
          "product": {
            "name": "WebSphere Application Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions ant\u00e9rieures \u00e0 6.2.1.2 iFix02",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7.iFix015 pour Unix",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "WebSphere Application Server",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.9",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-27980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27980"
        },
        {
          "name": "CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "name": "CVE-2026-44574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44574"
        },
        {
          "name": "CVE-2026-44578",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44578"
        },
        {
          "name": "CVE-2026-3449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
        },
        {
          "name": "CVE-2026-27205",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
        },
        {
          "name": "CVE-2026-31958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31958"
        },
        {
          "name": "CVE-2026-23479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23479"
        },
        {
          "name": "CVE-2026-45109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45109"
        },
        {
          "name": "CVE-2024-37891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
        },
        {
          "name": "CVE-2026-50645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50645"
        },
        {
          "name": "CVE-2026-39830",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
        },
        {
          "name": "CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "name": "CVE-2025-67726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67726"
        },
        {
          "name": "CVE-2026-44573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44573"
        },
        {
          "name": "CVE-2026-44580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44580"
        },
        {
          "name": "CVE-2026-42508",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
        },
        {
          "name": "CVE-2025-14505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14505"
        },
        {
          "name": "CVE-2026-44579",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44579"
        },
        {
          "name": "CVE-2026-42211",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42211"
        },
        {
          "name": "CVE-2023-37920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
        },
        {
          "name": "CVE-2026-9171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9171"
        },
        {
          "name": "CVE-2026-39833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39833"
        },
        {
          "name": "CVE-2026-41239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
        },
        {
          "name": "CVE-2026-41305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41305"
        },
        {
          "name": "CVE-2026-33814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
        },
        {
          "name": "CVE-2026-44575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44575"
        },
        {
          "name": "CVE-2026-2391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
        },
        {
          "name": "CVE-2026-53663",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53663"
        },
        {
          "name": "CVE-2026-22013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
        },
        {
          "name": "CVE-2026-22018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
        },
        {
          "name": "CVE-2026-39832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39832"
        },
        {
          "name": "CVE-2026-39829",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
        },
        {
          "name": "CVE-2026-41988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41988"
        },
        {
          "name": "CVE-2026-23745",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
        },
        {
          "name": "CVE-2024-29415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
        },
        {
          "name": "CVE-2025-59471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59471"
        },
        {
          "name": "CVE-2026-7246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7246"
        },
        {
          "name": "CVE-2026-35536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35536"
        },
        {
          "name": "CVE-2026-39834",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39834"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "name": "CVE-2026-46595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
        },
        {
          "name": "CVE-2026-34282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
        },
        {
          "name": "CVE-2026-42036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
        },
        {
          "name": "CVE-2026-54285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-54285"
        },
        {
          "name": "CVE-2026-24051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
        },
        {
          "name": "CVE-2025-59472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59472"
        },
        {
          "name": "CVE-2026-44572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44572"
        },
        {
          "name": "CVE-2026-39821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
        },
        {
          "name": "CVE-2021-23337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
        },
        {
          "name": "CVE-2026-34043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
        },
        {
          "name": "CVE-2026-45409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45409"
        },
        {
          "name": "CVE-2026-27136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-25645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
        },
        {
          "name": "CVE-2026-21860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
        },
        {
          "name": "CVE-2026-4800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
        },
        {
          "name": "CVE-2026-44249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44249"
        },
        {
          "name": "CVE-2026-39883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39883"
        },
        {
          "name": "CVE-2026-0540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
        },
        {
          "name": "CVE-2026-45149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
        },
        {
          "name": "CVE-2026-45249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45249"
        },
        {
          "name": "CVE-2026-23865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
        },
        {
          "name": "CVE-2020-7760",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7760"
        },
        {
          "name": "CVE-2026-33671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
        },
        {
          "name": "CVE-2026-33532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
        },
        {
          "name": "CVE-2025-68470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
        },
        {
          "name": "CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "name": "CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "name": "CVE-2026-30922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2026-10842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10842"
        },
        {
          "name": "CVE-2026-25589",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25589"
        },
        {
          "name": "CVE-2026-33750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
        },
        {
          "name": "CVE-2026-2359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
        },
        {
          "name": "CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "name": "CVE-2025-11143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
        },
        {
          "name": "CVE-2026-6918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-5795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
        },
        {
          "name": "CVE-2025-6493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
        },
        {
          "name": "CVE-2026-41240",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
        },
        {
          "name": "CVE-2026-42506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
        },
        {
          "name": "CVE-2026-34479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
        },
        {
          "name": "CVE-2024-52804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52804"
        },
        {
          "name": "CVE-2026-26960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
        },
        {
          "name": "CVE-2022-21704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21704"
        },
        {
          "name": "CVE-2026-42040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
        },
        {
          "name": "CVE-2026-4867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4867"
        },
        {
          "name": "CVE-2025-23165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
        },
        {
          "name": "CVE-2023-45803",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
        },
        {
          "name": "CVE-2026-27199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
        },
        {
          "name": "CVE-2026-2492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2492"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2026-39831",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39831"
        },
        {
          "name": "CVE-2026-39828",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
        },
        {
          "name": "CVE-2025-66471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
        },
        {
          "name": "CVE-2026-21441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
        },
        {
          "name": "CVE-2024-45337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
        },
        {
          "name": "CVE-2026-44581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44581"
        },
        {
          "name": "CVE-2026-40181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40181"
        },
        {
          "name": "CVE-2026-25680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
        },
        {
          "name": "CVE-2026-39835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39835"
        },
        {
          "name": "CVE-2026-29057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29057"
        },
        {
          "name": "CVE-2026-23631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23631"
        },
        {
          "name": "CVE-2024-35195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
        },
        {
          "name": "CVE-2026-4539",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
        },
        {
          "name": "CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "name": "CVE-2026-44577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44577"
        },
        {
          "name": "CVE-2026-24842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
        },
        {
          "name": "CVE-2025-66221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
        },
        {
          "name": "CVE-2026-23950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
        },
        {
          "name": "CVE-2026-2950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
        },
        {
          "name": "CVE-2026-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
        },
        {
          "name": "CVE-2026-40895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
        },
        {
          "name": "CVE-2026-22016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
        },
        {
          "name": "CVE-2026-22021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
        },
        {
          "name": "CVE-2026-25243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25243"
        },
        {
          "name": "CVE-2023-43804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
        },
        {
          "name": "CVE-2026-22007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
        },
        {
          "name": "CVE-2026-54270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-54270"
        },
        {
          "name": "CVE-2025-69873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
        },
        {
          "name": "CVE-2024-6485",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
        },
        {
          "name": "CVE-2026-34268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
        },
        {
          "name": "CVE-2025-68458",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
        },
        {
          "name": "CVE-2026-3520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"
        },
        {
          "name": "CVE-2026-44582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44582"
        },
        {
          "name": "CVE-2026-29786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
        },
        {
          "name": "CVE-2026-42038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
        },
        {
          "name": "CVE-2026-2332",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
        },
        {
          "name": "CVE-2026-11708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11708"
        },
        {
          "name": "CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "name": "CVE-2025-15599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15599"
        },
        {
          "name": "CVE-2026-14501",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-14501"
        },
        {
          "name": "CVE-2024-47081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
        },
        {
          "name": "CVE-2026-42502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
        },
        {
          "name": "CVE-2026-33672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
        },
        {
          "name": "CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "name": "CVE-2020-28500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
        },
        {
          "name": "CVE-2026-25681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
        },
        {
          "name": "CVE-2026-39304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39304"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "name": "CVE-2020-8203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
        },
        {
          "name": "CVE-2026-27448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
        },
        {
          "name": "CVE-2022-40896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40896"
        },
        {
          "name": "CVE-2026-11595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11595"
        },
        {
          "name": "CVE-2026-42034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
        },
        {
          "name": "CVE-2025-59437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59437"
        },
        {
          "name": "CVE-2026-9322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9322"
        },
        {
          "name": "CVE-2026-8408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8408"
        },
        {
          "name": "CVE-2026-44576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44576"
        },
        {
          "name": "CVE-2026-23490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
        },
        {
          "name": "CVE-2025-71176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71176"
        },
        {
          "name": "CVE-2025-68157",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
        },
        {
          "name": "CVE-2026-46598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46598"
        },
        {
          "name": "CVE-2026-6322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
        },
        {
          "name": "CVE-2026-11712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11712"
        },
        {
          "name": "CVE-2026-42342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42342"
        },
        {
          "name": "CVE-2026-12143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
        },
        {
          "name": "CVE-2026-44431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
        },
        {
          "name": "CVE-2024-3651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
        },
        {
          "name": "CVE-2026-26996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
        },
        {
          "name": "CVE-2026-33227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33227"
        },
        {
          "name": "CVE-2026-42264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
        },
        {
          "name": "CVE-2026-46597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46597"
        },
        {
          "name": "CVE-2025-67724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67724"
        },
        {
          "name": "CVE-2026-39865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39865"
        },
        {
          "name": "CVE-2026-41238",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41238"
        },
        {
          "name": "CVE-2026-54269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-54269"
        },
        {
          "name": "CVE-2026-28684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28684"
        },
        {
          "name": "CVE-2025-59436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59436"
        },
        {
          "name": "CVE-2026-42037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
        },
        {
          "name": "CVE-2026-42042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
        },
        {
          "name": "CVE-2023-42282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
        },
        {
          "name": "CVE-2023-32681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
        },
        {
          "name": "CVE-2026-6321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
        },
        {
          "name": "CVE-2024-39689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
        },
        {
          "name": "CVE-2026-39827",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39827"
        },
        {
          "name": "CVE-2025-67725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67725"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2026-22008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
        },
        {
          "name": "CVE-2026-31802",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
        },
        {
          "name": "CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "name": "CVE-2026-41907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41907"
        },
        {
          "name": "CVE-2026-10535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10535"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        },
        {
          "name": "CVE-2026-34077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34077"
        },
        {
          "name": "CVE-2026-2739",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2739"
        },
        {
          "name": "CVE-2025-47287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
        },
        {
          "name": "CVE-2025-66418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
        }
      ],
      "initial_release_date": "2026-07-17T00:00:00",
      "last_revision_date": "2026-07-17T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0901",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279972",
          "url": "https://www.ibm.com/support/pages/node/7279972"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7280010",
          "url": "https://www.ibm.com/support/pages/node/7280010"
        },
        {
          "published_at": "2026-07-10",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279458",
          "url": "https://www.ibm.com/support/pages/node/7279458"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7280089",
          "url": "https://www.ibm.com/support/pages/node/7280089"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7280183",
          "url": "https://www.ibm.com/support/pages/node/7280183"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7280131",
          "url": "https://www.ibm.com/support/pages/node/7280131"
        },
        {
          "published_at": "2026-07-13",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279924",
          "url": "https://www.ibm.com/support/pages/node/7279924"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7280105",
          "url": "https://www.ibm.com/support/pages/node/7280105"
        },
        {
          "published_at": "2026-07-10",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279466",
          "url": "https://www.ibm.com/support/pages/node/7279466"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7280009",
          "url": "https://www.ibm.com/support/pages/node/7280009"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279973",
          "url": "https://www.ibm.com/support/pages/node/7279973"
        },
        {
          "published_at": "2026-07-13",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279901",
          "url": "https://www.ibm.com/support/pages/node/7279901"
        }
      ]
    }

    CERTFR-2026-AVI-0834

    Vulnerability from certfr_avis - Published: 2026-07-03 - Updated: 2026-07-03

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM WebSphere WebSphere Application Server versions 9.x antérieures à 9.0.5.29
    IBM Db2 Db2 Genius Hub versions antérieures à 1.1.3
    IBM Db2 Db2 Big SQL on IBM Software Hub versions antérieures à 5.4
    IBM WebSphere WebSphere Remote Server versions 9.x antérieures à 9.0.5.29
    IBM N/A SOAR QRadar Plugin App versions antérieures à 5.6.5
    IBM WebSphere WebSphere Remote Server versions 8.5.x antérieures à 8.5.5.31
    IBM WebSphere WebSphere Application Server versions 8.x antérieures à 8.5.5.31
    IBM WebSphere WebSphere Application Server Liberty versions antérieures à 26.0.0.8
    References
    Bulletin de sécurité IBM 7278360 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7279004 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278998 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278996 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278993 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7279001 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278935 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278590 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278148 2026-06-26 vendor-advisory
    Bulletin de sécurité IBM 7279002 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278995 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278997 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278990 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278358 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7278989 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278576 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278572 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278580 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278398 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7278359 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7279003 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278103 2026-06-26 vendor-advisory
    Bulletin de sécurité IBM 7278593 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278399 2026-06-29 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Genius Hub versions ant\u00e9rieures \u00e0 1.1.3",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Big SQL on IBM Software Hub versions ant\u00e9rieures \u00e0 5.4",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.5",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.31",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 8.x ant\u00e9rieures \u00e0 8.5.5.31",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 26.0.0.8",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-50645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50645"
        },
        {
          "name": "CVE-2026-11383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
        },
        {
          "name": "CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "name": "CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "name": "CVE-2024-7531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
        },
        {
          "name": "CVE-2021-3572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
        },
        {
          "name": "CVE-2026-44432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        },
        {
          "name": "CVE-2025-14688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14688"
        },
        {
          "name": "CVE-2026-9171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9171"
        },
        {
          "name": "CVE-2024-12086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
        },
        {
          "name": "CVE-2026-1577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1577"
        },
        {
          "name": "CVE-2025-6069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        },
        {
          "name": "CVE-2026-2391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
        },
        {
          "name": "CVE-2026-9072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9072"
        },
        {
          "name": "CVE-2026-24737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24737"
        },
        {
          "name": "CVE-2026-8858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8858"
        },
        {
          "name": "CVE-2026-7246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7246"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "name": "CVE-2026-11541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
        },
        {
          "name": "CVE-2025-1371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
        },
        {
          "name": "CVE-2026-11707",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
        },
        {
          "name": "CVE-2026-11546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11546"
        },
        {
          "name": "CVE-2026-42036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
        },
        {
          "name": "CVE-2021-23337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
        },
        {
          "name": "CVE-2026-11594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
        },
        {
          "name": "CVE-2025-8291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        },
        {
          "name": "CVE-2025-64718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
        },
        {
          "name": "CVE-2026-24043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24043"
        },
        {
          "name": "CVE-2025-13755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13755"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-4800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
        },
        {
          "name": "CVE-2026-6051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6051"
        },
        {
          "name": "CVE-2025-50182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        },
        {
          "name": "CVE-2026-33671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
        },
        {
          "name": "CVE-2026-33532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
        },
        {
          "name": "CVE-2025-68470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
        },
        {
          "name": "CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "name": "CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "name": "CVE-2026-11536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2025-1795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
        },
        {
          "name": "CVE-2026-33750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
        },
        {
          "name": "CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "name": "CVE-2026-8646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
        },
        {
          "name": "CVE-2026-33228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
        },
        {
          "name": "CVE-2026-9320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
        },
        {
          "name": "CVE-2026-6053",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6053"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2024-29869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29869"
        },
        {
          "name": "CVE-2026-42040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
        },
        {
          "name": "CVE-2026-4923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
        },
        {
          "name": "CVE-2026-6052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6052"
        },
        {
          "name": "CVE-2025-1377",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2024-25260",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
        },
        {
          "name": "CVE-2026-24133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24133"
        },
        {
          "name": "CVE-2026-10845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
        },
        {
          "name": "CVE-2026-2327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2327"
        },
        {
          "name": "CVE-2026-2950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
        },
        {
          "name": "CVE-2026-3676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3676"
        },
        {
          "name": "CVE-2026-1352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1352"
        },
        {
          "name": "CVE-2025-1376",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
        },
        {
          "name": "CVE-2025-69873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
        },
        {
          "name": "CVE-2025-67735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
        },
        {
          "name": "CVE-2025-36122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36122"
        },
        {
          "name": "CVE-2026-25940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25940"
        },
        {
          "name": "CVE-2026-24040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24040"
        },
        {
          "name": "CVE-2026-42038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
        },
        {
          "name": "CVE-2026-11708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11708"
        },
        {
          "name": "CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "name": "CVE-2026-25755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25755"
        },
        {
          "name": "CVE-2026-33672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
        },
        {
          "name": "CVE-2025-58181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
        },
        {
          "name": "CVE-2025-47914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
        },
        {
          "name": "CVE-2025-4516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "name": "CVE-2026-11595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11595"
        },
        {
          "name": "CVE-2026-11714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11714"
        },
        {
          "name": "CVE-2026-25535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25535"
        },
        {
          "name": "CVE-2026-42034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
        },
        {
          "name": "CVE-2026-9322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9322"
        },
        {
          "name": "CVE-2026-31938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31938"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2026-6938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6938"
        },
        {
          "name": "CVE-2026-11712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11712"
        },
        {
          "name": "CVE-2026-44431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
        },
        {
          "name": "CVE-2026-42264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
        },
        {
          "name": "CVE-2026-13772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-13772"
        },
        {
          "name": "CVE-2026-32141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
        },
        {
          "name": "CVE-2026-42037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
        },
        {
          "name": "CVE-2026-42042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
        },
        {
          "name": "CVE-2026-9071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
        },
        {
          "name": "CVE-2026-9006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
        },
        {
          "name": "CVE-2026-31898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31898"
        },
        {
          "name": "CVE-2026-24001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
        },
        {
          "name": "CVE-2023-24056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
        },
        {
          "name": "CVE-2024-24786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
        },
        {
          "name": "CVE-2026-10852",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10852"
        },
        {
          "name": "CVE-2026-27212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27212"
        },
        {
          "name": "CVE-2025-12183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2025-68428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
        },
        {
          "name": "CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "name": "CVE-2026-4926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
        },
        {
          "name": "CVE-2026-1718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        }
      ],
      "initial_release_date": "2026-07-03T00:00:00",
      "last_revision_date": "2026-07-03T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0834",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-03T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278360",
          "url": "https://www.ibm.com/support/pages/node/7278360"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279004",
          "url": "https://www.ibm.com/support/pages/node/7279004"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278998",
          "url": "https://www.ibm.com/support/pages/node/7278998"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278996",
          "url": "https://www.ibm.com/support/pages/node/7278996"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278993",
          "url": "https://www.ibm.com/support/pages/node/7278993"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279001",
          "url": "https://www.ibm.com/support/pages/node/7279001"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278935",
          "url": "https://www.ibm.com/support/pages/node/7278935"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278590",
          "url": "https://www.ibm.com/support/pages/node/7278590"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278148",
          "url": "https://www.ibm.com/support/pages/node/7278148"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279002",
          "url": "https://www.ibm.com/support/pages/node/7279002"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278995",
          "url": "https://www.ibm.com/support/pages/node/7278995"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278997",
          "url": "https://www.ibm.com/support/pages/node/7278997"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278990",
          "url": "https://www.ibm.com/support/pages/node/7278990"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278358",
          "url": "https://www.ibm.com/support/pages/node/7278358"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278989",
          "url": "https://www.ibm.com/support/pages/node/7278989"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278576",
          "url": "https://www.ibm.com/support/pages/node/7278576"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278572",
          "url": "https://www.ibm.com/support/pages/node/7278572"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278580",
          "url": "https://www.ibm.com/support/pages/node/7278580"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278398",
          "url": "https://www.ibm.com/support/pages/node/7278398"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278359",
          "url": "https://www.ibm.com/support/pages/node/7278359"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279003",
          "url": "https://www.ibm.com/support/pages/node/7279003"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
          "url": "https://www.ibm.com/support/pages/node/7278103"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278593",
          "url": "https://www.ibm.com/support/pages/node/7278593"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278399",
          "url": "https://www.ibm.com/support/pages/node/7278399"
        }
      ]
    }

    CERTFR-2026-AVI-0810

    Vulnerability from certfr_avis - Published: 2026-06-26 - Updated: 2026-06-26

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM Sterling Partner Engagement Manager Essentials Edition Sterling Partner Engagement Manager versions 6.2.3.x antérieures à 6.2.3.6
    IBM Sterling Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.4 iFix01
    IBM N/A WebSphere Application Server sans le dernier correctif de sécurité
    IBM Sterling Sterling Order Management sans le dernier correctif de sécurité
    IBM N/A WebSphere Remote Server versions 9.0.x antérieures à 9.0.5.29
    IBM QRadar QRadar DNS Analyzer App versions antérieures à 2.0.5
    IBM N/A WebSphere Liberty Operator versions antérieures à 1.6.2
    IBM Cloud Pak System Cloud Pak System versions antérieures à 2.3.5.1
    IBM N/A WebSphere Remote Server versions 8.5.x antérieures à 8.5.5.30
    IBM Sterling Sterling External Authentication Server versions 6.1.1.x antérieures à 6.1.1.3 iFix01
    IBM Sterling Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x antérieures à 6.4.0.4_iFix035
    IBM Db2 Db2 versions V11.5 et V12.1 sans le dernier correctif de sécurité
    IBM Sterling Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.6_iFix062
    IBM N/A WebSphere eXtreme Scale versions 8.6.x antérieures à 8.6.1 sans le correctif PH71616 iFix
    IBM Sterling Sterling Secure Proxy versions 6.2.1.x antérieures à 6.2.1.2 iFix02
    IBM Sterling Partner Engagement Manager Essentials Edition Sterling Partner Engagement Manager versions 6.2.4.x antérieures à 6.2.4.4
    References
    Bulletin de sécurité IBM 7277716 2026-06-24 vendor-advisory
    Bulletin de sécurité IBM 7277692 2026-06-24 vendor-advisory
    Bulletin de sécurité IBM 7277418 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7275595 2026-06-25 vendor-advisory
    Bulletin de sécurité IBM 7277973 2026-06-25 vendor-advisory
    Bulletin de sécurité IBM 7277546 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277694 2026-06-24 vendor-advisory
    Bulletin de sécurité IBM 7277531 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277693 2026-06-24 vendor-advisory
    Bulletin de sécurité IBM 7277544 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277550 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277424 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277420 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277742 2026-06-24 vendor-advisory
    Bulletin de sécurité IBM 7277387 2026-06-22 vendor-advisory
    Bulletin de sécurité IBM 7277556 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277555 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7278112 2026-06-26 vendor-advisory
    Bulletin de sécurité IBM 7277422 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277536 2026-06-23 vendor-advisory
    Bulletin de sécurité IBM 7277767 2026-06-24 vendor-advisory
    Bulletin de sécurité IBM 7278103 2026-06-26 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Sterling Partner Engagement Manager versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.6",
          "product": {
            "name": "Sterling Partner Engagement Manager Essentials Edition",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.4 iFix01",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Order Management sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.5",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Liberty Operator versions ant\u00e9rieures \u00e0 1.6.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.1",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.30",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling External Authentication Server versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.3 iFix01",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix035",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions V11.5 et V12.1 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix062",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere eXtreme Scale versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 sans le correctif PH71616 iFix",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.2 iFix02",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Partner Engagement Manager versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.4",
          "product": {
            "name": "Sterling Partner Engagement Manager Essentials Edition",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-5588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
        },
        {
          "name": "CVE-2025-36353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
        },
        {
          "name": "CVE-2025-66199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
        },
        {
          "name": "CVE-2026-33871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        },
        {
          "name": "CVE-2025-2534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
        },
        {
          "name": "CVE-2026-11383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
        },
        {
          "name": "CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "name": "CVE-2025-13867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
        },
        {
          "name": "CVE-2026-42402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42402"
        },
        {
          "name": "CVE-2025-2668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
        },
        {
          "name": "CVE-2025-36427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
        },
        {
          "name": "CVE-2025-15469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
        },
        {
          "name": "CVE-2025-36131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
        },
        {
          "name": "CVE-2025-12084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
        },
        {
          "name": "CVE-2024-47118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
        },
        {
          "name": "CVE-2025-36098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
        },
        {
          "name": "CVE-2025-69419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
        },
        {
          "name": "CVE-2026-33814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
        },
        {
          "name": "CVE-2025-36184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
        },
        {
          "name": "CVE-2026-1605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
        },
        {
          "name": "CVE-2026-22013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
        },
        {
          "name": "CVE-2026-22018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
        },
        {
          "name": "CVE-2026-42580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42580"
        },
        {
          "name": "CVE-2025-36247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
        },
        {
          "name": "CVE-2025-36009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-15467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
        },
        {
          "name": "CVE-2026-33870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "name": "CVE-2025-36070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
        },
        {
          "name": "CVE-2026-0994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0994"
        },
        {
          "name": "CVE-2025-36428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
        },
        {
          "name": "CVE-2025-41248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
        },
        {
          "name": "CVE-2026-42585",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
        },
        {
          "name": "CVE-2026-11541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
        },
        {
          "name": "CVE-2026-34282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
        },
        {
          "name": "CVE-2026-11707",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
        },
        {
          "name": "CVE-2025-36387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
        },
        {
          "name": "CVE-2026-42036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
        },
        {
          "name": "CVE-2026-39821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
        },
        {
          "name": "CVE-2025-58057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
        },
        {
          "name": "CVE-2026-11594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
        },
        {
          "name": "CVE-2026-42403",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42403"
        },
        {
          "name": "CVE-2026-22795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
        },
        {
          "name": "CVE-2026-10109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10109"
        },
        {
          "name": "CVE-2026-27136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
        },
        {
          "name": "CVE-2023-47038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2025-36136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
        },
        {
          "name": "CVE-2026-42584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
        },
        {
          "name": "CVE-2025-36008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36008"
        },
        {
          "name": "CVE-2026-23865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
        },
        {
          "name": "CVE-2026-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        },
        {
          "name": "CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "name": "CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "name": "CVE-2026-11536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
        },
        {
          "name": "CVE-2025-69421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
        },
        {
          "name": "CVE-2026-34478",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
        },
        {
          "name": "CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "name": "CVE-2025-11143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
        },
        {
          "name": "CVE-2025-36006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
        },
        {
          "name": "CVE-2026-6918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
        },
        {
          "name": "CVE-2026-34480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-5795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2025-33012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
        },
        {
          "name": "CVE-2026-42506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
        },
        {
          "name": "CVE-2026-34479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
        },
        {
          "name": "CVE-2026-22796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
        },
        {
          "name": "CVE-2026-42040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2026-25680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
        },
        {
          "name": "CVE-2025-55163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
        },
        {
          "name": "CVE-2022-24729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
        },
        {
          "name": "CVE-2025-36425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
        },
        {
          "name": "CVE-2026-10845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
        },
        {
          "name": "CVE-2025-12635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
        },
        {
          "name": "CVE-2026-42404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42404"
        },
        {
          "name": "CVE-2026-40895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
        },
        {
          "name": "CVE-2026-22016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
        },
        {
          "name": "CVE-2026-22021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
        },
        {
          "name": "CVE-2026-22007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
        },
        {
          "name": "CVE-2025-68160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        },
        {
          "name": "CVE-2026-34268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
        },
        {
          "name": "CVE-2025-67735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2026-42038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
        },
        {
          "name": "CVE-2026-42583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
        },
        {
          "name": "CVE-2026-2332",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
        },
        {
          "name": "CVE-2025-36001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
        },
        {
          "name": "CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "name": "CVE-2025-58056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
        },
        {
          "name": "CVE-2026-8149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8149"
        },
        {
          "name": "CVE-2026-42502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
        },
        {
          "name": "CVE-2026-42581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
        },
        {
          "name": "CVE-2025-40909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
        },
        {
          "name": "CVE-2025-36365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
        },
        {
          "name": "CVE-2026-25681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
        },
        {
          "name": "CVE-2025-69418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
        },
        {
          "name": "CVE-2025-15468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
        },
        {
          "name": "CVE-2025-36442",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
        },
        {
          "name": "CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "name": "CVE-2026-42034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
        },
        {
          "name": "CVE-2026-42587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2024-47072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
        },
        {
          "name": "CVE-2025-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
        },
        {
          "name": "CVE-2025-41249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
        },
        {
          "name": "CVE-2025-36366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
        },
        {
          "name": "CVE-2025-36123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
        },
        {
          "name": "CVE-2026-42264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
        },
        {
          "name": "CVE-2026-0636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
        },
        {
          "name": "CVE-2026-42037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
        },
        {
          "name": "CVE-2026-42042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
        },
        {
          "name": "CVE-2026-9006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
        },
        {
          "name": "CVE-2025-33134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
        },
        {
          "name": "CVE-2026-11806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11806"
        },
        {
          "name": "CVE-2026-34477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
        },
        {
          "name": "CVE-2025-46392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
        },
        {
          "name": "CVE-2025-36407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
        },
        {
          "name": "CVE-2026-22008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
        },
        {
          "name": "CVE-2025-14813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
        },
        {
          "name": "CVE-2025-69420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
        }
      ],
      "initial_release_date": "2026-06-26T00:00:00",
      "last_revision_date": "2026-06-26T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0810",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-26T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277716",
          "url": "https://www.ibm.com/support/pages/node/7277716"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277692",
          "url": "https://www.ibm.com/support/pages/node/7277692"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277418",
          "url": "https://www.ibm.com/support/pages/node/7277418"
        },
        {
          "published_at": "2026-06-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275595",
          "url": "https://www.ibm.com/support/pages/node/7275595"
        },
        {
          "published_at": "2026-06-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277973",
          "url": "https://www.ibm.com/support/pages/node/7277973"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277546",
          "url": "https://www.ibm.com/support/pages/node/7277546"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277694",
          "url": "https://www.ibm.com/support/pages/node/7277694"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277531",
          "url": "https://www.ibm.com/support/pages/node/7277531"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277693",
          "url": "https://www.ibm.com/support/pages/node/7277693"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277544",
          "url": "https://www.ibm.com/support/pages/node/7277544"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277550",
          "url": "https://www.ibm.com/support/pages/node/7277550"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277424",
          "url": "https://www.ibm.com/support/pages/node/7277424"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277420",
          "url": "https://www.ibm.com/support/pages/node/7277420"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277742",
          "url": "https://www.ibm.com/support/pages/node/7277742"
        },
        {
          "published_at": "2026-06-22",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277387",
          "url": "https://www.ibm.com/support/pages/node/7277387"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277556",
          "url": "https://www.ibm.com/support/pages/node/7277556"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277555",
          "url": "https://www.ibm.com/support/pages/node/7277555"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278112",
          "url": "https://www.ibm.com/support/pages/node/7278112"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277422",
          "url": "https://www.ibm.com/support/pages/node/7277422"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277536",
          "url": "https://www.ibm.com/support/pages/node/7277536"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277767",
          "url": "https://www.ibm.com/support/pages/node/7277767"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
          "url": "https://www.ibm.com/support/pages/node/7278103"
        }
      ]
    }

    CERTFR-2026-AVI-0748

    Vulnerability from certfr_avis - Published: 2026-06-12 - Updated: 2026-06-12

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM WebSphere WebSphere Service Registry and Repository version 8.5 sans les derniers correctifs de sécurité
    IBM Sterling Connect:Direct Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.8
    IBM WebSphere WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité PH71342, PH71422, PH71453 et PH71454
    IBM Db2 Db2 Big SQL versions antérireures à 8.3.1 patch 4
    IBM Sterling Connect:Direct Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.19
    References
    Bulletin de sécurité IBM 7275419 2026-06-08 vendor-advisory
    Bulletin de sécurité IBM 7275252 2026-06-05 vendor-advisory
    Bulletin de sécurité IBM 7275305 2026-06-06 vendor-advisory
    Bulletin de sécurité IBM 7275468 2026-06-08 vendor-advisory
    Bulletin de sécurité IBM 7275256 2026-06-05 vendor-advisory
    Bulletin de sécurité IBM 7275462 2026-06-08 vendor-advisory
    Bulletin de sécurité IBM 7275528 2026-06-08 vendor-advisory
    Bulletin de sécurité IBM 7275257 2026-06-05 vendor-advisory
    Bulletin de sécurité IBM 7275459 2026-06-08 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "WebSphere Service Registry and Repository version 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.8",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 PH71342, PH71422, PH71453 et PH71454",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Big SQL versions ant\u00e9rireures \u00e0 8.3.1 patch 4",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.19",
          "product": {
            "name": "Sterling Connect:Direct",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-40974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40974"
        },
        {
          "name": "CVE-2026-9319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9319"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-40971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40971"
        },
        {
          "name": "CVE-2026-8644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8644"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2026-8620",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8620"
        },
        {
          "name": "CVE-2026-8633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8633"
        },
        {
          "name": "CVE-2026-9330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9330"
        },
        {
          "name": "CVE-2026-9311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9311"
        },
        {
          "name": "CVE-2026-26996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        }
      ],
      "initial_release_date": "2026-06-12T00:00:00",
      "last_revision_date": "2026-06-12T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0748",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-06-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275419",
          "url": "https://www.ibm.com/support/pages/node/7275419"
        },
        {
          "published_at": "2026-06-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275252",
          "url": "https://www.ibm.com/support/pages/node/7275252"
        },
        {
          "published_at": "2026-06-06",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275305",
          "url": "https://www.ibm.com/support/pages/node/7275305"
        },
        {
          "published_at": "2026-06-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275468",
          "url": "https://www.ibm.com/support/pages/node/7275468"
        },
        {
          "published_at": "2026-06-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275256",
          "url": "https://www.ibm.com/support/pages/node/7275256"
        },
        {
          "published_at": "2026-06-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275462",
          "url": "https://www.ibm.com/support/pages/node/7275462"
        },
        {
          "published_at": "2026-06-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275528",
          "url": "https://www.ibm.com/support/pages/node/7275528"
        },
        {
          "published_at": "2026-06-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275257",
          "url": "https://www.ibm.com/support/pages/node/7275257"
        },
        {
          "published_at": "2026-06-08",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275459",
          "url": "https://www.ibm.com/support/pages/node/7275459"
        }
      ]
    }