Vulnerability-Lookup

CNVD-2026-14665

Vulnerability from cnvd - Published: 2026-03-24

Title

IBM Db2 Big SQL on Cloud Pak for Data资源管理错误漏洞

Description

IBM Db2 Big SQL on Cloud Pak for Data是美国国际商业机器（IBM）公司的一个大规模并行处理SQL引擎。 IBM Db2 Big SQL on Cloud Pak for Data存在资源管理错误漏洞，该漏洞源于未正确限制系统资源分配，攻击者可利用该漏洞导致拒绝服务。

Severity

中

Patch Name

IBM Db2 Big SQL on Cloud Pak for Data资源管理错误漏洞的补丁

Patch Description

IBM Db2 Big SQL on Cloud Pak for Data是美国国际商业机器（IBM）公司的一个大规模并行处理SQL引擎。 IBM Db2 Big SQL on Cloud Pak for Data存在资源管理错误漏洞，该漏洞源于未正确限制系统资源分配，攻击者可利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/7257907

Reference

https://www.ibm.com/support/pages/node/7257907

Impacted products

Name
['IBM Db2 Big SQL on Cloud Pak for Data 7.6', 'IBM Db2 Big SQL on Cloud Pak for Data 7.7', 'IBM Db2 Big SQL on Cloud Pak for Data 7.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-39724",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-39724"
    }
  },
  "description": "IBM Db2 Big SQL on Cloud Pak for Data\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5927\u89c4\u6a21\u5e76\u884c\u5904\u7406SQL\u5f15\u64ce\u3002\n\nIBM Db2 Big SQL on Cloud Pak for Data\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u6b63\u786e\u9650\u5236\u7cfb\u7edf\u8d44\u6e90\u5206\u914d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7257907",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-14665",
  "openTime": "2026-03-24",
  "patchDescription": "IBM Db2 Big SQL on Cloud Pak for Data\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5927\u89c4\u6a21\u5e76\u884c\u5904\u7406SQL\u5f15\u64ce\u3002\r\n\r\nIBM Db2 Big SQL on Cloud Pak for Data\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u6b63\u786e\u9650\u5236\u7cfb\u7edf\u8d44\u6e90\u5206\u914d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Db2 Big SQL on Cloud Pak for Data\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Db2 Big SQL on Cloud Pak for Data 7.6",
      "IBM Db2 Big SQL on Cloud Pak for Data 7.7",
      "IBM Db2 Big SQL on Cloud Pak for Data 7.8"
    ]
  },
  "referenceLink": "https://www.ibm.com/support/pages/node/7257907",
  "serverity": "\u4e2d",
  "submitTime": "2026-02-11",
  "title": "IBM Db2 Big SQL on Cloud Pak for Data\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2024-39724 (GCVE-0-2024-39724)

Vulnerability from cvelistv5 – Published: 2026-02-04 20:52 – Updated: 2026-02-04 21:30

Title

IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API

Summary

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

ibm

References

URL

Tags

https://www.ibm.com/support/pages/node/7257907

vendor-advisorypatch

Impacted products

	Vendor	Product	Version
	IBM	Db2 Big SQL on Cloud Pak for Data	Affected: IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8 , ≤ 2.1.0 (semver) Affected: IBM Db2 Big SQL 7.7 on Cloud Pak for Data 5.0 Affected: IBM Db2 Big SQL 7.8 on Cloud Pak for Data 5.1 cpe:2.3:a:ibm:big_sql:7.6:::::::* cpe:2.3:a:ibm:big_sql:7.7:::::::* cpe:2.3:a:ibm:big_sql:7.8:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T21:15:59.832540Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T21:16:13.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:big_sql:7.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:big_sql:7.8:*:*:*:*:*:*:*"
          ],
          "product": "Db2 Big SQL on Cloud Pak for Data",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "IBM Db2 Big SQL 7.7 on Cloud Pak for Data 5.0"
            },
            {
              "status": "affected",
              "version": "IBM Db2 Big SQL 7.8 on Cloud Pak for Data 5.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cp\u003eIBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.\u003c/p\u003e\u003c/div\u003e"
            }
          ],
          "value": "IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T21:30:20.090Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7257907"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=upgrading\"\u003eUpgrading Cloud Pak for Data\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=sql-upgrading\"\u003eUpgrading the Db2 Big SQL\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;service.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for  Upgrading Cloud Pak for Data https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x \u00a0and  Upgrading the Db2 Big SQL https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x \u00a0service."
        }
      ],
      "title": "IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-39724",
    "datePublished": "2026-02-04T20:52:21.777Z",
    "dateReserved": "2024-06-28T09:34:20.322Z",
    "dateUpdated": "2026-02-04T21:30:20.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-14665

CVE-2024-39724 (GCVE-0-2024-39724)

Tags

Sightings

Nomenclature