Vulnerability DatabaseCVE-2024-49350

CVE-2024-49350:
IBM Db2 vulnerability analysis and mitigation

Overview

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.1 is vulnerable to a denial of service vulnerability where the server may crash under certain conditions with a specially crafted query (IBM Security, NVD).

Technical details

The vulnerability is identified as CVE-2024-49350 and has been classified as a Stack-based Buffer Overflow (CWE-121). It has been assigned a CVSS Base score of 6.5 MEDIUM with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (IBM Security, Wiz).

Impact

When successfully exploited, this vulnerability can result in a denial of service condition where the IBM Db2 server may crash under specific circumstances when processing a specially crafted query (IBM Security).

Mitigation and workarounds

IBM has released special builds containing interim fixes for affected versions. Customers running vulnerable versions can download these special builds from Fix Central. The fixes are available for V11.1.4 FP7, V11.5.9, and V12.1.1, and can be applied to any affected mod pack level of the appropriate release. Note that after December 31, 2025, versions 11.1 and 10.5 of Db2 will not receive security fixes as they will reach End of Support (IBM Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.5

Score

Published May 29, 2025

Severity HIGH

CNA Score 6.5

Affected Technologies

IBM Db2

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 22.3

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

cpe:2.3:a:ibm:db2

Sources

VulnCheck NVD++
- Linux Severity MEDIUMHas FixAdded at: Jun 01, 2025
- Windows Severity MEDIUMHas FixAdded at: Jun 01, 2025
NVD
- Linux Severity HIGHHas FixAdded at: Jun 10, 2025
- Windows Severity HIGHHas FixAdded at: Jun 10, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related IBM Db2 vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-36186	HIGH	7.8	IBM Db2	cpe:2.3:a:ibm:db2	No	No	Nov 07, 2025
CVE-2025-36008	MEDIUM	6.5	IBM Db2	cpe:2.3:a:ibm:db2	No	Yes	Nov 07, 2025
CVE-2025-36185	MEDIUM	5.5	IBM Db2	cpe:2.3:a:ibm:db2	No	No	Nov 07, 2025
CVE-2025-36136	MEDIUM	5.5	IBM Db2	cpe:2.3:a:ibm:db2	No	Yes	Nov 07, 2025
CVE-2025-36131	MEDIUM	4.6	IBM Db2	cpe:2.3:a:ibm:db2	No	Yes	Nov 07, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2024-49350: IBM Db2 vulnerability analysis and mitigation