CVE-2023-33854
- EPSS 0.19%
- Veröffentlicht 22.06.2026 14:31:21
- Zuletzt bearbeitet 30.06.2026 15:03:14
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
CVE-2025-2669
- EPSS 0.2%
- Veröffentlicht 22.06.2026 13:18:42
- Zuletzt bearbeitet 30.06.2026 15:46:55
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
CVE-2024-54178
- EPSS 0.24%
- Veröffentlicht 22.06.2026 13:15:30
- Zuletzt bearbeitet 30.06.2026 15:47:16
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
CVE-2023-42005
- EPSS 0.29%
- Veröffentlicht 29.05.2024 13:15:48
- Zuletzt bearbeitet 18.08.2025 15:03:51
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.
CVE-2022-41296
- EPSS 0.47%
- Veröffentlicht 12.12.2022 09:15:12
- Zuletzt bearbeitet 25.02.2026 16:22:14
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.