Published Security Vulnerabilities for Db2 for Linux, UNIX, and Windows including Special Build information

Preventive Service Planning

Abstract

Published Security Vulnerabilities for Db2 for Linux, UNIX, and Windows, including links to Special Builds (where available).

Content

Latest Db2 Security Special Builds

The special builds listed below are the latest available security special builds for Db2 and fix all published security vulnerability APARs. For more information on a specific APAR, refer to the relevant security bulletin in the next section.

Effective November, 2024, as new mod packs are released, the security fixes will be available on the latest mod pack code streams only (currently 11.5.9 and 12.1.1).

The latest JDK Bulletin applies to all supported Db2 releases and fixes all previously published JDK security bulletins. JDK upgrades are performed independently of the Db2 special build installation.

Most recent JDK Bulletin	Publication Date
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (April 2025 CPU)	July 3, 2025

Most recent published special builds:

Db2 11.5.9	Db2 12.1.2	Publication Date
Special Build 69673 for V11.5.9	Special Build 70120 for V12.1.2	November 7, 2025

Db2 10.5	Publication Date
Special Build 41606 for V10.5 FP11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER™ big endian Linux 64-bit, POWER™ little endian Linux 64-bit, System z®, System z9® or zSeries® Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86	November 7, 2025

Db2 11.1	Publication Date
Special Build 41620 for V11.1.4 FP7: AIX 64-bit Linux 64-bit, x86-64 Linux 64-bit, POWER™ little endian Linux 64-bit, System z®, System z9® or zSeries® Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 Special Build 41627 for V11.1.4 FP7: Linux 32-bit, x86-32	November 7, 2025

Published Security Vulnerabilities

Note: The topmost Security Bulletin contains links to the latest Special Build. Special Builds are cumulative so the latest Special Build contains the fixes for all current Security Vulnerability APARs.

For more information about a specific APAR, see the relevant Security Bulletin.

SB = Special Build
EoS = End of Support, refer to DB2 Distributed end of support (EOS) dates
N/A = The vulnerability described in the security bulletin does not apply to the version of Db2 specified in the column header

According to PSIRT guidelines, we cannot comment on whether any specific security vulnerability affects DB2® until we publish a security bulletin with a fix.

Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin)	DB2 10.5	DB2 11.1	DB2 11.5	DB2 12.1	Initial Publication Date
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions (CVE-2025-36136)	N/A	N/A	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to information disclosure and credential exposure to privileged users under specific conditions (CVE-2025-36131)	N/A	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation under specific configurations (CVE-2025-36186)	N/A	N/A	N/A	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic (CVE-2025-36185)	N/A	N/A	N/A	SB#70120 (V12.1.2)	07 November 2025
Security Bulletin: IBM® Db2® federated Server is vulnerable to sensitive information disclosure under specific conditions (PRISMA-2021-0055)	N/A	N/A	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® Pacemaker is vulnerable to a denial of service due to improper allocation of resources (CVE-2025-36008)	N/A	N/A	SB#69673 (V11.5.9)	V12.1.2 GA V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to the improper release of resources after use (CVE-2025-36006)	SB#41606	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service under specific conditions (PRISMA-2023-0067)	N/A	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in json-smart 2.5.0 (CVE-2024-57699)	N/A	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-47118)	SB#41606	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2025-2534)	N/A	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to running out of memory under certain conditions (CVE-2025-33134)	SB#41606	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is vulnerable to users regaining access without admin help after account lockout (CVE-2025-33012)	SB#41606	SB#41620 SB#41627	SB#69673 (V11.5.9)	SB#70120 (V12.1.2) V12.1.3 GA	07 November 2025
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in ICU libraries.	SB#41583	SB#41592	SB#62071 (V11.5.9)	N/A	07 August 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2025-33114)	N/A	N/A	N/A	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® is affected by a vulnerability in the corosync library (CVE-2025-30472)	N/A	N/A	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to denial of service when running federated queries with the certain condition (CVE-2025-36071)	N/A	N/A	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) SB#61701 (V12.1.2)	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query when lock event monitor is activated (CVE-2024-52894)	SB#41583	SB#41592	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the netty library (CVE-2025-24970)	N/A	N/A	SB#62071 (V11.5.9)	N/A	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service under specific conditions (CVE-2025-36010)	N/A	N/A	N/A	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service using a specially crafted SQL statement (CVE-2025-33143).	N/A	N/A	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) SB#61701 (V12.1.2)	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions (CVE-2025-2533)	N/A	N/A	N/A	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in expat library.	SB#41583	SB#41592	N/A	N/A	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-49828)	SB#41583	SB#41592	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-51473)	SB#41583	SB#41592	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: IBM® Db2® is affected by a vulnerability in the mongo library (CVE-2025-0755)	N/A	N/A	N/A	SB#62100 (V12.1.1) SB#61701 (V12.1.2)	29 July 2025
Security Bulletin: IBM® Db2® is vulnerable to a stack-based buffer overflow (CVE-2025-33092)	N/A	N/A	SB#62071 (V11.5.9)	SB#62100 (V12.1.1) V12.1.2 GA	29 July 2025
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (April 2025 CPU)	JDK Upgrade	JDK Upgrade	JDK Upgrade	N/A	03 July 2025
Security Bulletin: IBM® Db2® is affected by a vulnerability in the hadoop-common library (CVE-2024-23454)	N/A	N/A	SB#59605 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is affected by a vulnerability in Apache Parquet (CVE-2025-30065)	N/A	SB#41592	SB#58840 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is vulnerable to unbounded recursions due to a vulnerability in protobuf-java (CVE-2024-7254)	N/A	SB#41592	SB#58840 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is affected by a vulnerability in protobuf-java (CVE-2022-3510, CVE-2022-3509, CVE-2022-3171)	N/A	SB#41592	SB#58840 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-49350)	N/A	SB#41592	SB#58840 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service under certain conditions (CVE-2025-3050)	N/A	N/A	SB#58840 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions (CVE-2025-2518)	N/A	N/A	SB#58840 (V11.5.9)	SB#59885 (V12.1.1)	29 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to insufficient release of allocated memory resources. (CVE-2025-0915)	N/A	N/A	SB#57034 (V11.5.9)	SB#54779 (V12.1.1)	05 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to insufficient release of allocated memory after usage. (CVE-2025-1992)	N/A	N/A	SB#57034 (V11.5.9)	SB#54779 (V12.1.1)	05 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when connecting to a z/OS database. (CVE-2025-1000)	N/A	N/A	SB#57034 (V11.5.9)	SB#54779 (V12.1.1)	05 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service under certain conditions. (CVE-2025-1493)	N/A	N/A	N/A	SB#52131 (V12.1.0) SB#54779 (V12.1.1)	05 May 2025
Security Bulletin: IBM® Db2® is affected by a vulnerability in the netty library. (CVE-2024-47535, CVE-2025-25193)	N/A	N/A	SB#57034 (V11.5.9)	N/A	05 May 2025
Security Bulletin: IBM® Db2® is vulnerable to a denial of service under specific conditions (CVE-2024-52903)	N/A	N/A	N/A	SB##50594 (V12.1.0) SB#54779 (V12.1.1)	01 May 2025
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Jan 2025 CPU)	JDK Upgrade	JDK Upgrade	JDK Upgrade	JDK Upgrade	April 9, 2025
Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-45663)	N/A	SB#41535	SB#49307 (V11.5.8) SB#50315 (V11.5.9)	12.1	November 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-41762)	SB#41536	SB#41535	SB#49307 (V11.5.8) SB#50315 (V11.5.9)	12.1	November 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-41761)	SB#41536	SB#41535	SB#49307 (V11.5.8) SB#50315 (V11.5.9)	12.1	November 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure under specific conditions (CVE-2024-40679)	N/A	N/A	SB#49307 (V11.5.8) SB#50315 (V11.5.9)	12.1	November 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-37071)	SB#41536	SB#41535	SB#49307 (V11.5.8) SB#50315 (V11.5.9)	12.1	November 13, 2024

Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin)	DB2 10.5	DB2 11.1	DB2 11.5	Initial Publication Date
Security Bulletin: IBM® Db2® is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)	N/A	N/A	SB#43143 (V11.5.8) SB#43682 (V11.5.9)	August 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2024-37529)	N/A	SB#41497	SB#41498 (V11.5.0) SB#43143 (V11.5.8) SB#43682 (V11.5.9)	August 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)	N/A	N/A	SB#43143 (V11.5.8) SB#43682 (V11.5.9)	August 13, 2024
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)	SB#41496	SB#41497	SB#41498 (V11.5.0) SB#43143 (V11.5.8) SB#43682 (V11.5.9)	August 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882)	N/A	SB#41497	SB#41498 (V11.5.0) SB#43143 (V11.5.8) SB#43682 (V11.5.9)	August 13, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)	SB#41483	SB#41479	SB#41480 (V11.5.0) SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)	SB#41483	SB#41479	SB#41480 (V11.5.0) SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)	N/A	SB#41479	SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library. (CVE-2024-29025)	N/A	N/A	SB#41480 (V11.5.0) SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)	SB#41483	SB#41479	N/A	June 11, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)	SB#41483	SB#41479	SB#41480 (V11.5.0) SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)	N/A	N/A	SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)	N/A	N/A	SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. (CVE-2023-29267)	N/A	SB#41479	SB#41480 (V11.5.0) SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)	SB#41483	SB#41479	SB#41480 (V11.5.0) SB#42458 (V11.5.8) SB#42449 (V11.5.9)	June 11, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar tables (CVE-2024-22360)	N/A	N/A	SB#40526 (V11.5.8) SB#40226 (V11.5.9)	April 2, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service when querying a specific UDF built-in function concurrently (CVE-2023-52296)	N/A	N/A	SB#40526 (V11.5.8) SB#40226 (V11.5.9)	April 2, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)	SB#41471	SB#41472	SB#41473 (V11.5.0) SB#40526 (V11.5.8) SB#40226 (V11.5.9)	April 2, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2024-25046)	N/A	SB#41472	SB#41473 (V11.5.0) SB#40526 (V11.5.8) SB#40226 (V11.5.9)	April 2, 2024
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file (CVE-2024-25030)	N/A	SB#41472	N/A	April 2, 2024
Security Bulletin: IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)	N/A	SB#41472	SB#40526 (V11.5.8) SB#40226 (V11.5.9)	April 2, 2024
Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)	SB#41471	SB#41472	SB#41473 (V11.5.0) SB#40526 (V11.5.8) SB#40226 (V11.5.9)	April 2, 2024
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Jan 2024 CPU)	JDK Upgrade	JDK Upgrade	JDK Upgrade	February 27, 2024
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Oct 2023 CPU)	JDK Upgrade	JDK Upgrade	JDK Upgrade	January 19, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158)	SB#41427	SB#41428	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747)	SB#41427	SB#41428	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859)	SB#41427	SB#41428	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746)	SB#41427	SB#41428	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. (CVE-2023-47152)	N/A	N/A	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141)	N/A	N/A	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure	N/A	N/A	SB#38015 (V11.5.9) V11.5.8 N/A	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193)	N/A	N/A	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)	N/A	N/A	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 8, 2024
Security Bulletin: IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows (CVE-2023-47145)	SB#41427	SB#41428	SB#38015 (V11.5.9) SB#38013 (V11.5.8)	January 6, 2024
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.	N/A	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 12, 2023
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692)	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.	N/A	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. (CVE-2023-47701)	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)	N/A	N/A	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)	N/A	N/A	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)	N/A	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.	SB#41422	SB#41419	V11.5.9 GA SB#37208 (V11.5.8)	December 1, 2023
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-32342)	SB#41384	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	November 3, 2023
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2023-30441)	JDK Upgrade	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	November 3, 2023
Security Bulletin: A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker (CVE-2023-39976)	N/A	N/A	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions (CVE-2023-40373)	SB#41384	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement using External Tables. (CVE-2023-40372)	N/A	N/A	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. (CVE-2023-30987)	SB#41384	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® could allow a local user with special privileges to cause a denial of service during database deactivation on DPF (CVE-2023-38719)	N/A	N/A	SB#35599 (V11.5.8) N/A - V11.5.7	October 6, 2023
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)	JDK Upgrade	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU)	JDK Upgrade	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement (CVE-2023-38740)	N/A	N/A	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-30991)	N/A	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement (CVE-2023-38720)	N/A	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)	SB#41384	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query statement. (CVE-2023-40374)	N/A	N/A	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement (CVE-2023-38728)	SB#41384	SB#41373	SB#35599 (V11.5.8) SB#33926 (V11.5.7)	October 6, 2023
Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487)	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query	SB#41328	SB#41327	SB#31203 (V11.5.8) SB#31201 (V11.5.7)	July 10, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559)	SB#41270	SB#41268	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022)	SB#41270	SB#41268	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)	SB#41270	SB#41268	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)	N/A	SB#41268	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555)	N/A	N/A	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. (CVE-2023-29255)	SB#41270	SB#41268	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257)	SB#41270	SB#41268	SB# 29133 (V11.5.8) SB# 29113 (v11.5.7)	April 24, 2023
Security Bulletin: IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted 'Load' command. (CVE-2022-43929)	N/A	SB#41246 (V11.1.4 FP7)	SB# 26513 (V11.5.8)	February 8, 2023
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerabilitiy due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927)	SB#41247 (V10.5 FP11)	SB#41246 (V11.1.4 FP7)	SB# 26513 (V11.5.8)	February 8, 2023
Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)	SB#41247 (V10.5 FP11)	SB#41246 (V11.1.4 FP7)	11.5.8	February 8, 2023
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file. (CVE-2022-43930)	SB#41247 (V10.5 FP11)	SB#41246 (V11.1.4 FP7)	SB# 26513 (V11.5.8)	February 8, 2023

Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin)	DB2 9.7 (EoS)	DB2 10.1 (EoS)	DB2 10.5	DB2 11.1	DB2 11.5
Security Bulletin: Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution. (CVE-2022-43680, CVE-2022-40674)	SB# 41220 (V9.7 FP11)	SB# 41219 (V10.1 FP6)	SB# 41221 (V10.5 FP11)	SB# 41222 (V11.1.4 FP7)	N/A
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)	SB# 41141 (V9.7 FP11)	SB# 41146 (V10.1 FP6)	SB# 41140 (V10.5 FP11)	SB# 41145 (V11.1.4 FP7)	SB# 20944 (V11.5.7)
Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)	N/A	N/A	SB# 41140 (V10.5 FP11)	SB# 41145 (V11.1.4 FP7)	SB# 20944 (V11.5.7)
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)	SB# 41114 (V9.7 FP11)	SB# 41109 (V10.1 FP6)	SB# 41110 (V10.5 FP11)	SB# 41112 (V11.1.4 FP7)	SB# 18572 (V11.5.7)
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390)	SB# 41114 (V9.7 FP11)	SB# 41109 (V10.1 FP6)	SB# 41110 (V10.5 FP11	SB# 41112 (V11.1.4 FP7)	SB# 18572 (V11.5.7)
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library	SB# 41114 (V9.7 FP11)	SB# 41109 (V10.1 FP6)	SB# 41110 (V10.5 FP11	SB# 41112 (V11.1.4 FP7)	N/A
Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)	JDK Upgrade	JDK Upgrade	JDK Upgrade	JDK Upgrade	JDK Upgrade or V11.5.8
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990)	SB# 41070 (V9.7 FP11)	SB# 41071 (V10.1 FP6)	SB# 41072 (V10.5 FP11)	V11.1.4 FP7	N/A
Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)	N/A	N/A	N/A	N/A	11.5.6: SB# 13806 11.5.7: SB# 13804
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)	N/A	N/A	N/A	N/A	11.5.6: SB# 13478 11.5.7: SB# 13495
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104)	N/A	N/A	SB# 41021 (V10.5 FP11)	SB# 41025 (V11.1.4 FP6)	11.5.6: SB# 13320 11.5.7: SB# 13323
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)	N/A	N/A	N/A	N/A	11.5.6: SB# 13320 11.5.7: SB# 13323
Security Bulletin: IBM® Db2® could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926)	SB# 40985 (V9.7 FP11)	SB# 40986 (V10.1 FP6)	SB# 40988 (V10.5 FP11)	SB# 40997 (V11.1.4 FP6) SB# 41025 for Windows	11.5.7
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as it uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. (CVE-2021-39002)	SB# 40985 (V9.7 FP11)	SB# 40986 (V10.1 FP6)	SB# 40988 (V10.5 FP11)	SB# 40997 (V11.1.4 FP6) SB# 41025 for Windows	11.5.7
Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373)	SB# 40985 (V9.7 FP11)	SB# 40986 (V10.1 FP6)	SB# 40988 (V10.5 FP11)	SB# 40997 (V11.1.4 FP6) SB# 41025 for Windows	11.5.7
Security Bulletin: IBM® Db2® is vulnerable to an Information Disclosure as a user with DBADM authority is able to access other databases and read or modify files (CVE-2021-29678)	SB# 40985 (V9.7 FP11)	SB# 40986 (V10.1 FP6)	SB# 40988 (V10.5 FP11)	SB# 40997 (V11.1.4 FP6) SB# 41025 for Windows	11.5.7
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. (CVE-2021-38931)	N/A	N/A	N/A	SB# 40997 (V11.1.4 FP6) SB# 41025 for Windows	11.5.7
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions.(CVE-2021-29752)	N/A	N/A	N/A	SB# 40915 (V11.1.4 FP6)	SB# 10462 (V11.5.6)
Security Bulletin: IBM® Db2® under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. (CVE-2021-29763)	N/A	N/A	N/A	SB# 40915 (V11.1.4 FP6)	SB# 10462 (V11.5.6)
Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)	N/A	N/A	N/A	SB# 40915 (V11.1.4 FP6)	SB# 10462 (V11.5.6)
Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976)	SB# 40913 (V9.7 FP11)	SB# 40912 (V10.1 FP6)	SB# 40911 (V10.5 FP11)	SB# 40915 (V11.1.4 FP6)	SB# 10462 (V11.5.6)
Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbitrary files due to improper group permissions. (CVE-2020-4945)	N/A	N/A	N/A	N/A	V11.5.6
Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885)	N/A	N/A	N/A	N/A	V11.5.6
Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.	N/A	N/A	N/A	SB #40812 (V11.1.4 FP6)	V11.5.6
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. (CVE-2021-29703)	N/A	SB # 40800 (v10.1 FP6)	SB #40802 (v10.5 FP11)	SB #40812 (V11.1.4 FP6)	V11.5.6
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure (CVE-2021-20579)	SB #40801 (v9.7 FP11)	SB # 40800 (v10.1 FP6)	SB #40802 (v10.5 FP11)	SB #40812 (V11.1.4 FP6)	V11.5.6
Security Bulletin: Under special circumstances, Db2 is vulnerable to a denial of service during drop table (CVE-2021-29777)	SB #40801 (v9.7 FP11)	SB # 40800 (v10.1 FP6)	SB #40802 (v10.5 FP11)	SB #40812 (V11.1.4 FP6)	V11.5.6
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specifically crafted select statement. (CVE-2021-29702)	N/A	N/A	N/A	V11.1.4.6	V11.5.5.1
Security Bulletin: A vulnerability in IBM Java Technology Edition affects IBM® Db2®. (January 2021 CPU)	N/A	N/A	N/A	JDK Upgrade	JDK Upgrade
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024)	SB #40690 (v9.7 FP11)	SB #40689 (v10.1 FP6)	SB #40688 (v10.5 FP11)	V11.1.4.6	SB #6195 (v11.5.5 FP0)
Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)	SB #40690 (v9.7 FP11)	SB #40689 (v10.1 FP6)	SB #40688 (v10.5 FP11)	V11.1.4.6	SB #6195 (v11.5.5 FP0)
Security Bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files (CVE-2020-4976)	SB #40690 (v9.7 FP11)	SB #40689 (v10.1 FP6)	SB #40688 (v10.5 FP11)	V11.1.4.6	SB #6195 (v11.5.5 FP0)
Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642)	SB #40586 (v9.7 FP11)	SB #40585 (v10.1 FP6)	SB #40584 (v10.5 FP11)	SB #40583 (v11.1.4 FP5)	SB #5040 (v11.5.5 FP0)
Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)	SB #40481 (v9.7 FP11)	SB #40480 (v10.1 FP6)	SB #40479 (v10.5 FP11)	SB #40478 (v11.1.4 FP5)	v11.5.5.0
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)	N/A	N/A	SB #40479 (v10.5 FP11)	SB #40478 (v11.1.4 FP5)	v11.5.5.0
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime related to the Kerberos component affect IBM® Db2®. (CVE-2019-2949)	N/A	N/A	N/A	JDK Upgrade	JDK Upgrade
Security Bulletin:IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4411)	N/A	N/A	N/A	Spectrum Scale efix	Spectrum Scale efix
Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4412)	N/A	N/A	N/A	Spectrum Scale efix	Spectrum Scale efix
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387)	SB #40481 (Replaces SB 40162) (v9.7 FP11)	SB #40161 (v10.1 FP6)	SB #40479 (Replaces SB 40160) (v10.5 FP11)	SB #40159 (v11.1.4 FP5)	v11.5.4.0
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)	SB #40481 (Replaces SB 40162) (v9.7 FP11)	SB #40161 (v10.1 FP6)	SB #40479 (Replaces SB 40160) (v10.5 FP11)	SB #40159 (v11.1.4 FP5)	v11.5.4.0
Security Bulletin: IBM® Db2® may be vulnerable to a Denial of Service attack (CVE-2020-4355)	SB #40481 (Replaces SB 40162) (v9.7 FP11)	SB #40161 (v10.1 FP6)	SB #40479 (Replaces SB 40160) (v10.5 FP11)	SB #40159 (v11.1.4 FP5)	v11.5.4.0
Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)	SB #40481 (Replaces SB 40162) (v9.7 FP11)	SB #40161 (v10.1 FP6)	SB #40479 (Replaces SB 40160) (v10.5 FP11)	SB #40159 (v11.1.4 FP5)	v11.5.4.0
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)	SB #40481 (Replaces SB 40162) (v9.7 FP11)	SB #40161 (v10.1 FP6)	SB #40479 (Replaces SB 40160) (v10.5 FP11)	SB #40159 (v11.1.4 FP5)	v11.5.4.0
Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420)	SB #40481 (Replaces SB 40162) (v9.7 FP11)	SB #40161 (v10.1 FP6)	SB #40479 (Replaces SB 40160) (v10.5 FP11)	SB #40159 (v11.1.4 FP5)	v11.5.4.0
Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.	N/A	N/A	N/A	SB #39991 (v11.1.4 FP5)	SB #39990 (v11.5)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (January 2020 CPU)	EoS	EoS	JDK Upgrade	JDK Upgrade	JDK Upgrade
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4161)	N/A	N/A	N/A	N/A	SB #39711 (v11.5)
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2020-4230)	N/A	N/A	N/A	SB #39693 (v11.1.4 FP5)	SB #39711 (v11.5)
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200)	N/A	N/A	SB #39688 (v10.5 FP10)	SB #39693 (v11.1.4 FP5)	SB #39711 (v11.5)
Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2020-4204)	SB #39672 (v9.7 FP11)	SB #39678 (v10.1 FP6)	SB #39688 (v10.5 FP10)	SB #39693 (v11.1.4 FP5)	SB #39711 (v11.5)
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135)	SB #39672 (v9.7 FP11)	SB #39678 (v10.1 FP6)	SB #39688 (v10.5 FP10)	SB #39693 (v11.1.4 FP5)	SB #39711 (v11.5)
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2019-4558)	EoS	EoS	N/A	V11.1.4.5	V11.5
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1783)	EoS	EoS	Spectrum Scale 4.1.1.17 eFix 9	V11.1.4.5	N/A
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2019-4587)	N/A	SB #39396 (v10.1 FP6)	SB #39397 (v10.5 FP10)	V11.1.4.5	SB #39395 (v11.5)
Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4584)	SB #39395 (v9.7 FP11)	SB #39396 (v10.1 FP6)	SB #39397 (v10.5 FP10)	V11.1.4.5	SB #39395 (v11.5)
Security Bulletin: IBM® Db2® is vulnerable to information disclosure (CVE-2019-4524)	SB #39395 (v9.7 FP11)	SB #39396 (v10.1 FP6)	SB #39397 (v10.5 FP10)	V11.1.4.5	SB #39395 (v11.5)
Security Bulletin: IBM® Db2® is vulnerable to information disclosure (CVE-2019-4438)	N/A	N/A	N/A	V11.1.4.5	N/A
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2019 CPU)	EoS	EoS	JDK Upgrade	JDK Upgrade	JDK Upgrade
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.(April 2019 CPU)	EoS	EoS	JDK Upgrade	JDK Upgrade	JDK Upgrade

Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin)	DB2 9.7 (EoS)	DB2 10.1 (EoS)	DB2 10.5	DB2 11.1
Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4322).	SB #38744 (v9.7 FP11)	SB #38745 (v10.1 FP6)	SB #38746 (v10.5 FP10)	SB #38747 (v11.1.4.4 iFix001)
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2019-4386).	N/A	N/A	N/A	SB #38747 (v11.1.4.4 iFix001)
Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to potential arbitrary code execution as root (CVE-2019-4154).	SB #38744 (v9.7 FP11)	SB #38745 (v10.1 FP6)	SB #38746 (v10.5 FP10)	SB #38747 (v11.1.4.4 iFix001)
Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102).	SB #38744 (v9.7 FP11)	SB #38745 (v10.1 FP6)	SB #38746 (v10.5 FP10)	SB #38747 (v11.1.4.4 iFix001)
Security Bulletin: Under specialized conditions, IBM® Db2® is vulnerable to denial of service (CVE-2019-4101).	N/A	SB #38745 (v10.1 FP6)	SB #38746 (v10.5 FP10)	SB #38747 (v11.1.4.4 iFix001)
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation to root via malicious use of fenced user (CVE-2019-4057)	SB #38744 (v9.7 FP11)	SB #38745 (v10.1 FP6)	SB #38746 (v10.5 FP10)	SB #38747 (v11.1.4.4 iFix001)
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2019-4014).	SB #38501 (v9.7 FP11)	SB #38502 (v10.1 FP6)	SB #38478 (v10.5 FP10)	SB #38505 (v11.1.4.4 iFix 001)
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2018-1936).	SB #38501 (v9.7 FP11)	SB #38502 (v10.1 FP6)	SB #38478 (v10.5 FP10)	SB #38505 (v11.1.4.4 iFix 001)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (January 2019 CPU)	EoS	EoS	JDK Upgrade	JDK Upgrade
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094).	SB #38387 (v9.7 FP11)	SB #38388 (v10.1 FP6)	SB #38389 (v10.5 FP10)	V11.1.4.4 iFix001
Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016).	SB #38387 (v9.7 FP11)	SB #38388 (v10.1 FP6)	SB #38389 (v10.5 FP10)	V11.1.4.4 iFix001
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (October 2018 CPU)	EoS	EoS	JDK Upgrade	JDK Upgrade
Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977).	N/A	N/A	N/A	v11.1.4 FP4
Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723).	N/A	N/A	Spectrum Scale 4.1.1.17 efix 8	v11.1.4 FP4
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow leading to privilege escalation (CVE-2018-1897).	SB #38043 (v9.7 FP11)	SB #38065 (v10.1 FP6)	SB #38042 (v10.5 FP10)	v11.1.4 FP4
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2018 CPU)	EoS	EoS	JDK Upgrade	v11.1.4 FP4
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2018-1802).	EoS SB #37995 (v9.7 FP11)	EoS SB #37994 (v10.1 FP6)	SB #37993 (v10.5 FP10)	v11.1.4.4 OR SB #37992 (v11.1.3.3 iFix002)
Security Bulletin: IBM® Db2® is affected by multiple privilege escalation vulnerabilities (CVE-2018-1799, CVE-2018-1780, CVE-2018-1781, CVE-2018-1834).	EoS SB #37995 (v9.7 FP11)	EoS SB #37994 (v10.1 FP6)	SB #37993 (v10.5 FP10)	v11.1.4.4 OR SB #37992 (v11.1.3.3 iFIx002)
Security Bulletin: IBM® Db2®'s RCAC rules are not being enforced by CTAS sub-select statements (CVE-2018-1857)	EoS	N/A	N/A	v11.1.4.4 OR SB #37992 (v11.1.3.3 iFix002)
Vulnerabilities in GSKit affect IBM Spectrum Scale used by DB2® pureScale™ (CVE-2018-1431, CVE-2018-1447, CVE-2017-3732, CVE-2016-0705).	EoS	EoS	Spectrum Scale Update	v11.1.4.4 and Spectrum Scale Update
Privilege escalation in IBM® DB2® tool db2cacpy (CVE-2018-1685).	EoS IT25816 in SB #37945 (v9.7 FP11)	EoS IT25815 in SB #37946 (v10.5 FP6)	IT25814 in SB #37836 (v10.5 FP10)	IT25466 in SB #37835 (v11.1.3.3 iFix002)
Security Bulletin: Buffer overflow in IBM® DB2® tool db2licm (CVE-2018-1710).	Not Vulnerable	EoS IT25820 in SB #37946 (v10.1 FP6)	IT25719 in SB #37836 (v10.5 FP10)	IT25819 in SB #37835 (v11.1.3.3 iFix002)
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® Administrative Task Scheduler (CVE-2018-1711)	EoS IT25824 in SB #37945 (v9.7 FP11)	EoS IT25825 in SB #37946 (v10.1 FP 6)	IT25826 in SB #37836 (v10.5 FP10)	v11.1.4.4 OR IT25813 in SB #37835 (v11.1.3.3 iFix002)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (CVE-2018-2783, CVE-2018-2794)	EoS	EoS	JDK upgrade	v11.1.4 FP4
Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737)	EoS	EoS	FCM upgrade	v11.1.4 FP4 OR FCM upgrade
Privilege escalation in IBM DB2 via loading libraries from untrusted path (CVE-2018-1487)	EoS IT24477 in SB #37642 (v9.7 FP11)	EoS IT24476 in SB #37641 (v10.1 FP6)	IT24475 in SB #37640 (v10.5 FP9)	v11.1.3 FP3 iFix002 OR IT24474 in SB #37639 (v11.1.3.3 iFix001)
Multiple untrusted search path vulnerabilities in the IBM DB2 DAS component on Windows (CVE-2018-1458)	EoS IT24826 in SB #37642 (v9.7 FP11)	EoS IT24825 in SB #37641 (v10.1 FP6)	v10.5 FP10 OR SB #37640 (v10.5 FP9)	v11.1.3 FP3 iFix002 OR IT24823 in SB #37639 (v11.1.3.3 iFix001)
Security Bulletin: Format string vulnerability in IBM DB2 tool db2support (CVE-2018-1566)	EoS IT24463 in SB #37642 (v9.7 FP11)	EoS IT24462 in SB #37641(v10.1 FP6)	v10.5 FP10 OR IT24461 in SB #37640 (v10.5 FP9)	v11.1.3 FP3 iFix002 OR IT24283 in SB #37639 (v11.1.3.3 iFix001)
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® DB2®. (CVE-2018-2579, CVE-2018-2678, CVE-2018-2618, CVE-2018-2602)	EoS (Manually upgrade IBM JDK)	EoS (Manually upgrade IBM JDK)	v10.5 FP10	V11.1.3 FP4
Security Bulletin: IBM® DB2® is vulnerable to buffer overflow (CVE-2018-1459)	IT24466 in Special Build #37477 (v9.7 FP11)	IT24465 in Special Build #37478 (v10.1 FP6)	v10.5 FP10 OR IT24464 in Special Build #37479 (v10.5 FP9)	IT24311 in v11.1.3.3 iFix001
Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565)	IT24804 in Special Build #37477 (v9.7 FP11)	IT24803 in Special Build #37478 (v10.1 FP6)	v10.5 FP10 OR SB #37479 (v10.5 FP9)	IT24799 in v11.1.3.3 iFix001
Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® DB2® (CVE-2018-1515)	Not vulnerable	Not vulnerable	IT24645 in Special Build #37479	IT24642 in v11.1.3.3 iFix001
Security Bulletin: Buffer overflow in IBM® DB2® tool db2licm (CVE-2018-1488)	Not vulnerable	Not vulnerable	IT24478 in Special Build #37479	IT24473 in v11.1.3.3 iFix001
Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452)	IT24217 Special Build #37477	IT24216 Special Build #37478	IT24215 Special Build #37479	IT24171 in v11.1.3.3 iFix001
Security Bulletin: IBM® Db2® is affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654)	EoS	EoS	V10.5 FP9 Spectrum Scale V4.1.1.11 efix9	V11.1.1 FP3 Spectrum Scale V4.1.1.17 efix3
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2018-1447)	IT24060 Special Build #37314 (see Security Bulletin)	IT24061 Special Build #37313 (see Security Bulletin)	IT24058 Special Build #37311 (see Security Bulletin)	IT24059 in v11.1 M3 FP3
Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448)	IT24214 Special Build #37314 (see Security Bulletin)	IT24213 Special Build #37313 (see Security Bulletin)	IT24212 Special Build #37311 (see Security Bulletin)	IT24170 in v11.1 M3 FP3
The Db2 JDBC driver deserializes an object unsafely potentially leading to arbitrary code execution (CVE-2017-1677)	IT23799 Special Build #37314 (see Security Bulletin)	IT23798 Special Build #37313 (see Security Bulletin)	IT23797 Special Build #37311 (see Security Bulletin)	IT23794 in v11.1 M3 FP3
Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571)	IT22411 Special Build #37314 (see Security Bulletin)	IT22413 Special Build #37313 (see Security Bulletin)	IT22414 Special Build #37311 (see Security Bulletin)	IT22415 in v11.1 M3 FP3
Security Bulletin: : Security vulnerabilities have been identified in Tivoli Storage FlashCopy Manager shipped with IBM Db2.	N/A	IT18997 (fixed in next release)	IT20495 in V10.5 FP9	V11.1.3 FP3 Solution in PPA (see Security Bulletin)
Security Bulletin: Privilege escalation vulnerabilities affect IBM® Db2® (CVE-2017-1439, CVE-2017-1451)	IT21396 Special Build #36826 (see Security Bulletin)	IT21395 Special Build #36827 (see Security Bulletin)	IT21394 in V10.5 FP9 or FP8 Special Build #36828	IT21364 V11.1.3 or v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: Privilege escalation vulnerabilities affect IBM® Db2® (CVE-2017-1438)	IT21143 Special Build #36826 (see Security Bulletin)	IT21163 Special Build #36827 (see Security Bulletin)	IT21164 in V10.5 FP9 or FP8 Special Build #36828	IT21140 v11.1.3 or v11.1 FP2 Special Build #36792(see Security Bulletin)
Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files. (CVE-2017-1452)	IT21465 Special Build #36826 (see Security Bulletin)	IT21464 Special Build #36827 (see Security Bulletin)	IT21463 in V10.5 FP9 or FP8 Special Build #36828	IT21458 v11.1 FP3 or v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® sensitive information exposure in the error log (CVE-2017-1434).	N/A	N/A	N/A	IT21347 v11.1 FP3 or v11.1 FP2 Special Build #36792(see Security Bulletin)
Security Bulletin: IBM® Db2® is affected by denial of service vulnerability in the Db2 Connect Server (CVE-2017-1519)	N/A	N/A	IT21454 in V10.5 FP9 or FP8 Special Build #36828	IT21455 v11.1 FP3 or v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT (CVE-2017-1520)	IT21974 Special Build #36826 (see Security Bulletin)	IT21973 Special Build #36827 (see Security Bulletin)	IT21462 in V10.5 FP9 or FP8 Special Build #36828	IT21459 v11.1 FP3 or v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® DB2® LUW's Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297).	IT20570 Special Build #36621 (see Security Bulletin)	IT20571 Special Build #36610 (see Security Bulletin)	IT20498 in V10.5 FP9 or FP8 Special Build #36605	IT20562 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843).	IT9129 Special Build #36621(see Security Bulletin)	IT20564 Special Build #36610 (see Security Bulletin)	IT20565 in V10.5 FP9 or FP8 Special Build #36605	IT20566 in V11.1 FP2
Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105)	IT20567 Special Build (see Security Bulletin)	IT20568 Special Build (see Security Bulletin)	IT20461 in V10.5 FP9	IT20463 in V11.1 FP2
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® LUW (CVE-2017-1134)	N/A	IT20569 see Security Bulletin	IT20460 in V10.5 FP9	IT20462 in V11.1 FP2
Security Bulletin: Information Disclosure vulnerability affects IBM® DB2® LUW (CVE-2017-1150)	N/A	IT15485 in V10.1 FP6	IT19399 in V10.5 FP9	IT19400 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW is vulnerable to Sweet32 Birthday Attack (CVE-2016-2183)	IT17531 Have remediation (see Security Bulletin)	IT17645 in V10.1 FP6	IT17646 in V10.5 FP9 Have remediation	IT17467 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by a Vulnerability in GPFS (CVE-2016-2119)	N/A	N/A	T17644 in V10.5 FP9	IT17530 in V11.1 FP1
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995)	IT17010 Special Build (see Security Bulletin)	IT17011 in V10.1 FP6	IT16921 in V10.5 FP8	IT17012 in V11.1 FP1
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985)	IT17531 Special Build (see Security Bulletin)	IT17645 in V10.1 FP6	IT17646 in V10.5 FP9	IT17647 in V11.1.1 FP1
Security Bulletin: Vulnerabilty in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)	N/A	N/A	IT17644 in V10.5 FP9	IT17530 in V11.1.1 FP1
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995)	IT17010 Special Build (see Security Bulletin)	IT17011 in V10.1 FP6	IT16921 in V10.5 FP8	IT17012 in V11.1.1 FP1
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985)	N/A	IT16321 in V10.1 FP6	IT16323 in V10.5 FP8	IT16324 in V11.1.1 FP1
Security Bulletin: Vulnerabilty in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)	IT15576 Special Build (see Security Bulletin)	IT15577 in V10.1 FP6	IT15578 in V10.5 FP8	IT15579 in V11.1.1 FP1
Vulnerabilities in Flexera InstallShield and InstallAnywhere affect IBM Data Server Driver packages (CVE-2016-2542, CVE-2016-4560)	IT14993 in V9.7 FP11 (no Special Build)	IT14999 in V10.1 FP6	IT15000 in V10.5 FP8	Fixed in GA
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS	N/A	IT16321 in V10.1 FP6	IT16323 in V10.5 FP8	IT16324

Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin)	DB2 9.7 (EoS)	DB2 9.8 (EoS)	DB2 10.1 (EoS)	DB2 10.5
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with subquery containing the AVG OLAP function on Oracle compatible database (CVE-2016-0215)	IT12673	IT13208 Special Build (see Security Bulletin)	IT12669 in V10.1 FP6	IT12675 in V10.5 FP8
IBM® DB2® LUW contains a denial of service vulnerability in which a malformated DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211)	IT12462 Special Build (see Security Bulletin)	IT13350 Special Build (see Security Bulletin)	IT12487 in V10.1 FP6	IT12488 in V10.5 FP8
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421)	IT12647 Special Build (see Security Bulletin)	IT12646 Special Build (see Security Bulletin)	IT12645 Special in V10.1 FP6	IT12642 in V10.5 FP8
Vulnerabilities in GPFS affect IBM® DB2® LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)	N/A	IT11550 Special Build (see Security Bulletin)	IT11549 in V10.1 FP6	IT11536 in V10.5 FP8
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204) Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® DB2® LUW (CVE-2015-2808) Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-1788) Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000) Note: these vulnerabilities also affect Java, and for that, customer need to download the new version of Java from DB2 Fix Central. Please refer to security bulletin for details.	N/A	N/A	IT07393 in V10.1 FP6	IT07394 in V10.5 FP7
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® LUW (CVE-2015-1947)	IT08755 Special Build (see Security Bulletin)	IT08754 Special Build (see Security Bulletin)	IT08751 in V10.1 FP6	IT08753 in V10.5 FP7
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® (CVE-2015-1788)	IT09897 in V9.7 FP11	IT09901 Special Build (see Security Bulletin)	IT09899 in V10.1 FP6	IT09900 in V10.5 FP7
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions (CVE-2015-0157)	IT07103 in V9.7 FP11	IT07107 Special Build (see Security Bulletin)	IT07108 in V10.1 FP5	IT07109 in V10.5 FP7
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability in the database automated maintenance feature (CVE-2015-1883)	IT08086 in V9.7 FP11	IT08085 Special Build (see Security Bulletin)	IT08080 in V10.1 FP5	IT08075 in V10.5 FP7
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® DB2® LUW (CVE-2015-2808)	IT08534 in V9.7 FP11	IT08535 Special Build (see Security Bulletin)	IT08536 in V10.1 FP5	IT08537 in V10.5 FP7
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions that may result in arbitrary code execution as the DB2 instance owner (CVE-2015-1935)	IT08668 in V9.7 FP11	IT08667 Special Build (see Security Bulletin)	IT08543 in V10.1 FP5	IT08656 in V10.5 FP6
Security Bulletin: Multiple vulnerabilities in GPFS affects IBM® DB2® LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)	N/A	1IT8112 Special Build (see Security Bulletin)	IT08525 in V10.1 FP5	IT08113 in V10.5 FP6
Security Bulletin: IBM® DB2® LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922)	IT08523 in V9.7 FP11	IT08524 Special Build (see Security Bulletin)	IT08525 in V10.1 FP5	IT08526 in V10.5 FP6
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)	IT06356 in V9.7 FP11	IT06355 Special Build (see Security Bulletin)	IT06354 in V10.1 FP5	IT06353 in V10.5 FP6
Security Bulletin: IBM® DB2® contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919)	IT07547 in V9.7 FP11	IT07552 Special Build (see Security Bulletin)	IT07553 in V10.1 FP5	IT07554 in V10.5 FP6
Security Bulletin: Vulnerabilities in GSKit affect IBM® DB2® (CVE-2015-0138, CVE-2015-0159 and CVE-2014-6221)	IT07648 in V9.7 FP11	IT07647 Special Build (see Security Bulletin)	IT07646 in V10.1 FP5	IT07635 in V10.5 FP6
Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)	IT06348 in V9.7 FP11	IT06349 Special Build (see Security Bulletin)	IT06350 in V10.1 FP5	IT06351 in V10.5 FP6
Security Bulletin: IBM® DB2® XML Query Will Cause Excessive CPU Usage (CVE-2014-8901)	IT05937 in V9.7 FP11	IT05938 Special Build (see Security Bulletin)	IT05939 in V10.1 FP5	IT05933 in V10.5 FP5
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. (CVE-2014-6210)	IC96934 in V9.7 FP11	IT05651 Special Build (see Security Bulletin)	IT05652 in V10.1 FP5	IT04138 in V10.5 FP5
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209)	IT05645 in V9.7 FP11	IT056446 Special Build (see Security Bulletin)	IT05647 in V10.1 FP5	IT04786 in V10.5 FP5
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE. (CVE-2014-6159)	IT05105 in V9.7 FP10	IT05132 Special Build (see Security Bulletin)	IT05074 in V10.1 FP5	IT04730 in V10.5 FP4
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally. (CVE-2014-6097)	IT03786 in V9.7 FP10	IT04034 Special Build (see Security Bulletin)	N/A	N/A
Security Bulletin: Unauthorized Access to user data vulnerability in DB2 during certain LOAD operations into Columnar Data Engine (CDE) tables (CVE-2014-4805)	N/A	N/A	N/A	IT03761 in V10.5 FP4
Security Bulletin: IBM® DB2® for LUW is affected by the OpenSSL vulnerability (CVE-2014-3470)	N/A	N/A	IT02960 in V10.1 FP5	IT02963 in V10.5 FP4
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with a subquery containing a UNION (CVE-2014-3095)	IT02645 in V9.7 FP10	IT02644 Special Build (see Security Bulletin)	IT02646 in V10.1 FP5	IT02433 in V10.5 FP4
Security Bulletin: IBM® DB2® is affected by the JSON-C vulnerability (CVE-2013-6371}	N/A	N/A	N/A	IT02201 in V10.5 FP4
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094)	IT02592 in V9.7 FP10	IT02594 Special Build (see Security Bulletin)	IT02593 in V10.1 FP5	IT02291 in V10.5 FP4
Security Bulletin: IBM® DB2® is impacted by multiple TLS/SSL security vulnerabilities (CVE-2013-6747, CVE-2014-0963)	IC99474 in V9.7 FP9a	IC99476 Special Build (see Security Bulletin)	IC99475 in V10.1 FP3a & FP4	IC99477 in V10.5 FP3a
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2014-0907)	IT00684 in V9.7 FP9a	IT00685 Special Build (see Security Bulletin)	IT00686 in V10.1 FP3a & FP4	IT00687 in V10.5 FP3a
Security Bulletin: Escalation of Privilege Vulnerability in IBM® DB2® Stored Procedure Infrastructure on Windows (CVE-2013-6744)	IC99478 in V9.7 FP9a	N/A	IC99480 in V10.1 FP3a & FP4	IC99481 in V10.5 FP3a
Security Bulletin: Denial of Service Vulnerability in DB2's XSLT Library. (CVE-2013-5466)	IC97470 in V9.7 FP9	IC97763 Special Build (see Security Bulletin)	IC97471 in V10.1 FP3a & FP4	IC97472 in V10.5 P3
Security Bulletin: Executing a query with an OLAP specification causes the DB2 server to terminate database connections. (CVE-2013-6717)	IC95641 in V9.7 FP9	IC97762 Special Build (see Security Bulletin)	IC97737 in V10.1 FP3a & FP4	IC97738 in V10.5 P3
Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windows's Fast Communications Manager. (CVE-2013-4032)	N/A	N/A	IC94434 in V10.1 FP3	IC94939 in V10.5 P3
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2013-4033)	IC94523 in V9.7 FP9	IC94756 Special Build (see Security Bulletin)	IC94757 in V10.1 FP3	IC94758 in V10.5 FP1
Security Bulletin: Privilege escalation vulnerability in IBM DB2's Audit Facility (CVE-2013-3475)	IC92495 in V9.7 FP9	IC92496 Special Build (see Security Bulletin)	IC92498 in V10.1 FP3	10.5 GA
Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169)	IC90395 in V9.7 FP9	IC90396 Special Build (see Security Bulletin)	IC90397 in V10.1 FP3a & FP4	10.5 GA
Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)	IC90395 in V9.7 FP9	IC90396 Special Build (see Security Bulletin)	IC90397 in V10.1 FP3a & FP4	10.5 GA
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826)	IC86781 in V9.7 FP7	IC86782 Special Build (see Security Bulletin)	IC86783 in V10.1 FP1	N/A
Security Bulletin: IBM DB2 Security Vulnerability in the UTL_FILE module (CVE-2012-3324)	N/A	N/A	IC85513 in V10.1 FP1	N/A
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 Java Stored Procedure Infrastructure (CVE-2012-2197)	IC84753 in V9.7 FP7	IC84754 Special Build (see Security Bulletin)	IC84755 in V10.1 FP1	N/A
Security Bulletin: IBM DB2 Security Vulnerability in SQLJ.DB2_INSTALL_JAR (CVE-2012-2194)	IC84714 in V9.7 FP7	IC84715 Special Build (see Security Bulletin)	IC84716 in V10.1 FP1	N/A
Security Bulletin: XML File Disclosure Vulnerability in IBM DB2 GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (CVE-2012-2196)	IC84748 in V9.7 FP7	IC84750 Special Build (see Security Bulletin)	IC84751 in V10.1 FP1	N/A
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-2180)	IC82234 in V9.7 FP6	IC82367 in V9.8 FP5	10.1 GA	N/A
Security Bulletin: Unauthorized File Access Security Vulnerability in DB2 XML Feature (CVE-2012-0713)	IC81462 in V9.7 FP6	IC81839 in V9.8 FP5	10.1 GA	N/A
Security Bulletin: Remote Escalation of Privilege Vulnerability in DB2 Administration Server (CVE-2012-0711)	IC80729 in V9.7 FP6	N/A	10.1 GA	N/A
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-0710)	IC76901 in V9.7 FP5	IC76902 in V9.8 FP4	N/A	N/A
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2012-0709)	IC81390 in V9.7 FP6	IC81836 in V9.8 FP5	N/A	N/A
Security Bulletin: Denial of Service Security Vulnerability in DB2’s XML Feature. (CVE-2012-0712)	IC81380 in V9.7 FP6	IC81837 in V9.8 FP5	N/A	N/A
DB2 Escalation of Privilege Vulnerability (CVE-2011-4061)	IC79274 in V9.7 FP6	N/A	N/A	N/A

Related Information

Download DB2 Fix Packs by version for DB2 for LUW

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"Install\/Migrate\/Upgrade - Fixpak","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.8;9.7;10.1;10.5;11.1;11.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Tips

Published Security Vulnerabilities for Db2 for Linux, UNIX, and Windows including Special Build information

Preventive Service Planning

Abstract

Content

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT (CVE-2023-38729)

Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?