CVE-2024-27254
📊 5.3 MEDIUM⚡ 0.1%🎯 0 exploits
📅 Published Apr 3, 2024
📋 Status: Analyzed
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
15 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | ibm | db2 | 10.5 Target SW: linux | Vulnerable | cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* |
📱App | ibm | db2 | 10.5 Target SW: unix | Vulnerable | cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* |
📱App | ibm | db2 | 10.5 Target SW: windows | Vulnerable | cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* |
📱App | ibm | db2 | 11.1 Target SW: linux | Vulnerable | cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* |
📱App | ibm | db2 | 11.1 Target SW: unix | Vulnerable | cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* |
📱App | ibm | db2 | 11.1 Target SW: windows | Vulnerable | cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* |
📱App | ibm | db2 | 11.5 Target SW: linux | Vulnerable | cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* |
📱App | ibm | db2 | 11.5 Target SW: unix | Vulnerable | cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* |
📱App | ibm | db2 | 11.5 Target SW: windows | Vulnerable | cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
💻OS | hp | hp-ux | All versions | Not Vulnerable | cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* |
💻OS | ibm | aix | All versions | Not Vulnerable | cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* |
💻OS | ibm | linux on ibm z | All versions | Not Vulnerable | cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:* |
💻OS | linux | linux kernel | All versions | Not Vulnerable | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
💻OS | microsoft | windows | All versions | Not Vulnerable | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
💻OS | oracle | solaris | All versions | Not Vulnerable | cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* |
Version: 10.5
Target SW: linux
CPE:
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*
Version: 10.5
Target SW: unix
CPE:
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*
Version: 10.5
Target SW: windows
CPE:
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*
Version: 11.1
Target SW: linux
CPE:
cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*
Version: 11.1
Target SW: unix
CPE:
cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*
Version: 11.1
Target SW: windows
CPE:
cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*
Version: 11.5
Target SW: linux
CPE:
cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*
Version: 11.5
Target SW: unix
CPE:
cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*
Version: 11.5
Target SW: windows
CPE:
cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*
💻
SafeOperating System
Version: All versions
CPE:
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
💻
SafeOperating System
Version: All versions
CPE:
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Version: All versions
CPE:
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
15 products•scroll for more
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:
NETWORK
Complexity:
HIGH
Privileges:
LOW
User Interaction:
NONE
Confidentiality:
NONE
Integrity:
NONE
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
5.3 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)15.3th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
Apr 3, 2024 (1 year ago)
Last Modified
Jan 31, 2025 (9 months ago)
Security Weaknesses2
CWE-20
References4
NVDadvisoryadvisory+1