
Multiple IBM Db2 Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-3050 CVSS:5.3

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.

CVE-2025-2518 CVSS:5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVE-2024-49350 CVSS:6.5

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.1 are vulnerable to a denial of service where the server may crash under certain conditions with a specially crafted query (IBM Security).

Impact

  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2025-3050

  • CVE-2025-2518

  • CVE-2024-49350

Affected Vendors

  • IBM

Affected Products

  • IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1

Remediation

Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-3050

CVE-2025-2518

CVE-2024-49350