2 vulnerabilities found for Cloud APM, Base Private by IBM
CVE-2026-3676 (GCVE-0-2026-3676)
Vulnerability from nvd – Published: 2026-05-27 12:48 – Updated: 2026-05-27 14:38
Title
There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.
Severity
6.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7273649 | vendor-advisory, patch |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| IBM | Cloud APM, Base Private | Affected: 8.1.4, ≤ ) Interim Fix 021 (semver); `cpe:2.3:a:ibm:cloud_apm_base_private:8.1.4:*:*:*:*:*:*:*` |
| IBM | Cloud APM, Advanced Private | Affected: 8.1.4; `cpe:2.3:a:ibm:cloud_apm_advanced_private:8.1.4:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:34:24.394252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:38:08.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_apm_base_private:8.1.4:*:*:*:*:*:*:*"
],
"product": "Cloud APM, Base Private",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": ") Interim Fix 021",
"status": "affected",
"version": "8.1.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cloud_apm_advanced_private:8.1.4:*:*:*:*:*:*:*"
],
"product": "Cloud APM, Advanced Private",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.\u003c/p\u003e"
}
],
"value": "IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:48:42.947Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273649"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vulnerabilities can be remediated by first applying the necessary fixes to your DB2 V11.5 server. The fixes can be accessed from the following security bulletins:\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-denial-service-specially-crafted-query-when-stmtheap-set-automatic-cve-2025-36122\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic (CVE-2025-36122)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-denial-service-when-fetching-certain-tables-under-specific-configurations-cve-2025-14688\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is vulnerable to a denial of service when fetching from certain tables under specific configurations (CVE-2025-14688)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin:\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-affected-vulnerability-netty-codec-http-41127-cve-2025-67735\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae Db2\u00ae is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/node/7257695\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-trap-or-return-sqlcode-901-when-compiling-specially-crafted-query-defined-index-cve-2026-1352\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSecurity Bulletin: \u003ca href=\"https://www.ibm.com/support/pages/security-bulletin-ibm%C2%AE-db2%C2%AE-vulnerable-denial-service-specially-crafted-query-involving-multiple-subqueries-cve-2026-1577\" rel=\"nofollow\"\u003eSecurity Bulletin: IBM\u00ae 
Db2\u00ae is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)\u003c/a\u003e\u003c/p\u003e\u003cp\u003eTo use your updated DB2 V11.5 server with your IBM Cloud Application Performance Management product, apply the 8.1.4.0-IBM-APM-SERVER-IF0004 or later server patch to the system where the Cloud APM server is installed. Interim fixes for the Cloud APM server version 8.1.4 are available to download from IBM Fix Central at this link:\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Application+Performance+Management\u0026amp;fixids=8.1.4.0-IBM-APM-SERVER-IF0019\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Performance%20Management%20family\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Application+Performance+Management\u0026amp;fixids=8.1.4.0-IBM-APM-SERVER-IF0019\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Performance%20Management%20family\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The vulnerabilities can be remediated by first applying the necessary fixes to your DB2 V11.5 server. The fixes can be accessed from the following security bulletins:\n\n\n\nSecurity Bulletin: https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Application+Performance+Management\u0026fixids=8.1.4.0-IBM-APM-SERVER-IF0019\u0026source=SAR\u0026function=fixId\u0026parent=IBM%20Performance%20Management%20family"
}
],
"title": "There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-3676",
"datePublished": "2026-05-27T12:48:42.947Z",
"dateReserved": "2026-03-06T21:17:59.734Z",
"dateUpdated": "2026-05-27T14:38:08.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3676 (GCVE-0-2026-3676)
Vulnerability from cvelistv5 – Published: 2026-05-27 12:48 – Updated: 2026-05-27 14:38
Title
There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.
Severity
6.5 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7273649 | vendor-advisory, patch |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| IBM | Cloud APM, Base Private | Affected: 8.1.4, ≤ ) Interim Fix 021 (semver); `cpe:2.3:a:ibm:cloud_apm_base_private:8.1.4:*:*:*:*:*:*:*` |
| IBM | Cloud APM, Advanced Private | Affected: 8.1.4; `cpe:2.3:a:ibm:cloud_apm_advanced_private:8.1.4:*:*:*:*:*:*:*` |