Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for db2_warehouse by ibm

    CVE-2023-33854 (GCVE-0-2023-33854)

    Vulnerability from nvd – Published: 2026-06-22 14:31 – Updated: 2026-06-23 13:43
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 , ≤ 1.8.4 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T13:41:25.316058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T13:43:26.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T14:31:21.168Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-33854",
        "datePublished": "2026-06-22T14:31:21.168Z",
        "dateReserved": "2023-05-23T00:32:05.085Z",
        "dateUpdated": "2026-06-23T13:43:26.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2669 (GCVE-0-2025-2669)

    Vulnerability from nvd – Published: 2026-06-22 13:18 – Updated: 2026-06-22 14:12
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T14:12:17.648473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T14:12:31.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:18:42.153Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.ProductFixed in Fix PackInstructionsIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Datav5.4Db2 Warehouse:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgradingDb2:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2669",
        "datePublished": "2026-06-22T13:18:42.153Z",
        "dateReserved": "2025-03-22T13:41:34.517Z",
        "dateUpdated": "2026-06-22T14:12:31.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54178 (GCVE-0-2024-54178)

    Vulnerability from nvd – Published: 2026-06-22 13:15 – Updated: 2026-06-22 16:07
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:07:21.703365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:07:26.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:15:30.011Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-54178",
        "datePublished": "2026-06-22T13:15:30.011Z",
        "dateReserved": "2024-11-30T14:47:55.533Z",
        "dateUpdated": "2026-06-22T16:07:26.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42005 (GCVE-0-2023-42005)

    Vulnerability from nvd – Published: 2024-05-29 12:53 – Updated: 2024-08-02 19:16
    VLAI
    Title
    IBM Db2 on Cloud Pak for Data privilege escalation
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, Access Controls
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data Affected: 3.5, 4.0, 4.5, 4.6, 4.7, 4.8
        cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T15:31:04.424637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:23.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:16:49.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7155078"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Db2 on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.\u003c/span\u003e\n\n"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T12:53:04.315Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7155078"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Db2 on Cloud Pak for Data privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-42005",
        "datePublished": "2024-05-29T12:53:04.315Z",
        "dateReserved": "2023-09-06T19:32:50.696Z",
        "dateUpdated": "2024-08-02T19:16:49.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41296 (GCVE-0-2022-41296)

    Vulnerability from nvd – Published: 2022-12-01 17:24 – Updated: 2024-08-03 12:42
    VLAI
    Title
    IBM Db2U cross-site respect forgery
    Summary
    IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Db2U Affected: 3.5, 4.0, 4.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:42:45.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20230120-0003/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6843071"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T18:50:52.073301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:50:58.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Db2U",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5, 4.0, 4.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\u003c/span\u003e"
                }
              ],
              "value": "IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T01:49:10.008Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6843071"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Db2U cross-site respect forgery",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-41296",
        "datePublished": "2022-12-01T17:24:48.698Z",
        "dateReserved": "2022-09-21T17:43:55.394Z",
        "dateUpdated": "2024-08-03T12:42:45.776Z",
        "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33854 (GCVE-0-2023-33854)

    Vulnerability from cvelistv5 – Published: 2026-06-22 14:31 – Updated: 2026-06-23 13:43
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 , ≤ 1.8.4 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T13:41:25.316058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T13:43:26.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T14:31:21.168Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-33854",
        "datePublished": "2026-06-22T14:31:21.168Z",
        "dateReserved": "2023-05-23T00:32:05.085Z",
        "dateUpdated": "2026-06-23T13:43:26.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2669 (GCVE-0-2025-2669)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:18 – Updated: 2026-06-22 14:12
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T14:12:17.648473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T14:12:31.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:18:42.153Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.ProductFixed in Fix PackInstructionsIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Datav5.4Db2 Warehouse:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgradingDb2:\u00a0https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2669",
        "datePublished": "2026-06-22T13:18:42.153Z",
        "dateReserved": "2025-03-22T13:41:34.517Z",
        "dateUpdated": "2026-06-22T14:12:31.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54178 (GCVE-0-2024-54178)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:15 – Updated: 2026-06-22 16:07
    VLAI
    Title
    Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277112 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Affected: 4.8.0 (semver)
    Affected: 5.0.0 , ≤ 5.3.0 (semver)
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:07:21.703365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:07:26.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
              ],
              "product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:15:30.011Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277112"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u00a0\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
            }
          ],
          "title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-54178",
        "datePublished": "2026-06-22T13:15:30.011Z",
        "dateReserved": "2024-11-30T14:47:55.533Z",
        "dateUpdated": "2026-06-22T16:07:26.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42005 (GCVE-0-2023-42005)

    Vulnerability from cvelistv5 – Published: 2024-05-29 12:53 – Updated: 2024-08-02 19:16
    VLAI
    Title
    IBM Db2 on Cloud Pak for Data privilege escalation
    Summary
    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, Access Controls
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Db2 on Cloud Pak for Data Affected: 3.5, 4.0, 4.5, 4.6, 4.7, 4.8
        cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*
        cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T15:31:04.424637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:25:23.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:16:49.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7155078"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Db2 on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.\u003c/span\u003e\n\n"
                }
              ],
              "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T12:53:04.315Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7155078"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Db2 on Cloud Pak for Data privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-42005",
        "datePublished": "2024-05-29T12:53:04.315Z",
        "dateReserved": "2023-09-06T19:32:50.696Z",
        "dateUpdated": "2024-08-02T19:16:49.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41296 (GCVE-0-2022-41296)

    Vulnerability from cvelistv5 – Published: 2022-12-01 17:24 – Updated: 2024-08-03 12:42
    VLAI
    Title
    IBM Db2U cross-site respect forgery
    Summary
    IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Db2U Affected: 3.5, 4.0, 4.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:42:45.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20230120-0003/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6843071"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T18:50:52.073301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:50:58.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Db2U",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5, 4.0, 4.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\u003c/span\u003e"
                }
              ],
              "value": "IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T01:49:10.008Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6843071"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Db2U cross-site respect forgery",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-41296",
        "datePublished": "2022-12-01T17:24:48.698Z",
        "dateReserved": "2022-09-21T17:43:55.394Z",
        "dateUpdated": "2024-08-03T12:42:45.776Z",
        "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }