Dijing Wang

**Name of the Vulnerable Software and Affected Versions** IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5 **Description** The issue is related to a buffer overflow caused by improper bounds checking in the db2set. This could allow an attacker to overflow the buffer and execute arbitrary code. **Recommendations** For versions 10.5, 11.1, and 11.5, consider disabling the db2set function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.1 and 11.5 **Description** The issue is related to insufficient audit logging and incorrect clearance or release of resources in the database management system. This could allow a remote attacker to cause a denial of service. **Recommendations** For versions 11.1 and 11.5, update to a version that includes the necessary fixes for the insufficient audit logging issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 **Description** The issue is related to an information disclosure due to unauthorized access caused by improper privilege management when the `CREATE OR REPLACE` command is used. **Recommendations** For IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to the `CREATE OR REPLACE` command until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 **Description** The issue is caused by improper privilege management when a table function is used, potentially leading to an information disclosure. **Recommendations** For versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to table functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5 **Description** The issue is related to improper group permissions, allowing an authenticated user to overwrite arbitrary files. This could potentially be exploited by a remote attacker to overwrite files. **Recommendations** For IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5, consider updating the permissions to prevent arbitrary file overwrites until a patch is available. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 **Description** The issue is caused by improper bounds checking, leading to a buffer overflow in the `db2fm` component. This could allow a local attacker to execute arbitrary code on the system with root privileges. **Recommendations** For IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to the `db2fm` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.