Vulnerability Name: CVE-2023-26021 (CCN-247864) Assigned: 2023-04-24 Published: 2023-04-24 Updated: 2023-05-11 Summary: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2023-26021 psirt@us.ibm.com ibm-db2-cve202326021-dos(247864) psirt@us.ibm.com IBM Db2 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021) psirt@us.ibm.com Security vulnerabilities are addressed with IBM Cloud Pak for Business A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center (CVE-2023-29257, CVE-2023-29255, CVE-2023-27555, CVE-2023-26021, CVE-2023-25930, CVE-2023-26022, CV) IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM Db2 IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2 Vulnerabilities in IBM Db2 may affect IBM Spectrum Protect Server (CVE-2023-29257, CVE-2023-29255, CVE-2023-27555, CVE-2023-26021, CVE-2023-25930, CVE-2023-26022, CVE-2023-27559) Multiple vulnerabilities affect IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Vulnerable Configuration: Configuration CCN 1 :cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* AND cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:* OR cpe:/a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:standard:*:*:* OR cpe:/a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:standard:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:* OR cpe:/a:ibm:sterling_partner_engagement_manager:6.2.1:*:*:*:standard:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:* BACK
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm cloud pak for automation 19.0.3
ibm cloud pak for automation 20.0.1
ibm cloud pak for automation 20.0.2
ibm cloud pak for automation 20.0.3
ibm cloud pak for automation 21.0.1
ibm cloud pak for automation 21.0.2 -
ibm cloud pak for automation 19.0.1
ibm cloud pak for automation 19.0.2
ibm cloud pak for business automation 18.0.0
ibm cloud pak for business automation 18.0.2
ibm cloud pak for business automation 19.0.1
ibm cloud pak for business automation 19.0.3
ibm cloud pak for business automation 20.0.1
ibm cloud pak for business automation 20.0.3
ibm cloud pak for business automation 21.0.1 -
ibm cloud pak for business automation 21.0.2 -
ibm cloud pak for business automation 21.0.3 -
ibm sterling partner engagement manager 6.2.0
ibm sterling partner engagement manager 6.1.2
ibm cloud pak for business automation 22.0.1 -
ibm sterling partner engagement manager 6.2.1
ibm cloud pak for business automation 22.0.2 -
Denotes that component is vulnerable