IBM Db2 Denial-of-Service Vulnerability via Automatic Client Rerouting

Vulnerability

A denial-of-service vulnerability has been identified in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server, versions 11.5.0 prior to 11.5.9 and 12.1.0 prior to 12.1.1. This vulnerability could allow an authenticated user to disrupt service when connecting to a z/OS database, due to improper management of automatic client rerouting.

Impact

Exploitation of this vulnerability results in a denial-of-service condition: an authenticated user can cause connections to the affected z/OS databases to fail or be disrupted.

Remediation

Users can download special builds containing the interim fix for this vulnerability from Fix Central. For Db2 version 11.5, special Build #55285 or later is available. For Db2 version 12.1, special Build #54779 or later can be downloaded. These special builds can be applied to any affected level of the respective release.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          5.7
impact          2.5
exploitability  4.9
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.