CVE-2024-54178

Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

Assigner: ibm
Reserved: 30.11.2024 Published: 22.06.2026 Updated: 22.06.2026

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
Versions	Version 4.8.0 is affected affected from 5.0.0 to 5.3.0 (incl.)

Vendor

IBM

Product

Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

Versions

Version 4.8.0 is affected
affected from 5.0.0 to 5.3.0 (incl.)

Solutions

IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.

ProductFixed in Fix Pack

Instructions

IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

v5.4

Db2 Warehouse: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading

Db2: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading

References

Problem Types