Improper Neutralization of Special Elements in Data Query Logic

CVE-2024-35136

Medium

5.3/10

Summary

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

References

Advisory Timeline

Published Aug 14, 2024

Improper Neutralization of Special Elements in Data Query Logic

CVE-2024-35136

Summary

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS