IBM Db2 command execution
Description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 allows users with DATAACCESS privileges to execute unauthorized routines, leading to privilege escalation.
Vulnerability
A flaw in IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 10.5.x, 11.1.4.x, and 11.5.x allows users with the DATAACCESS privilege to execute routines they should not have access to [1]. The vulnerability is present regardless of platform and may also affect earlier, unsupported releases (such as 10.1 and 9.7) [1]. The condition requires the attacker to possess DATAACCESS privileges, which are typically granted to database administrators or users with elevated database roles.
Exploitation
An attacker with DATAACCESS privileges can exploit this vulnerability by invoking routines that are restricted to higher-privilege users [1]. According to the CVSS vector, the attack can be launched over a network and requires no user interaction [1]. The attacker must already hold high privileges (DATAACCESS), but no additional authentication is needed beyond those privileges [1]. The available references do not detail the exact steps, but the vulnerability can be triggered by executing specific database routines that the user should not be authorized to run.
Impact
Successful exploitation can lead to complete compromise of confidentiality, integrity, and availability (CIA) of the database system [1]. The CVSS base score of 7.2 (High) reflects the potential for an attacker with DATAACCESS to execute arbitrary routines with Db2 server privileges, potentially leading to full system control [1]. The impact is considered high for all three CIA attributes.
Mitigation
IBM has released special builds containing interim fixes for the affected versions, available from Fix Central: V10.5 FP11, V11.1.4 FP7, and V11.5.8 [1]. These special builds can be applied to any affected fixpack level of the respective release [1]. Customers running unsupported earlier releases (e.g., 10.1, 9.7) are urged to upgrade to a supported, fixed version [1]. There is no known workaround other than applying the fix. This CVE is not listed on the KEV catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 10.5, 11.1, 11.5
- Range: 10.5, 11.1, 11.5
Patches
No patches discovered yet.
References
- www.ibm.com/support/pages/node/7078681 (mitre, vendor-advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/260214 (mitre, vdb-entry)
- security.netapp.com/advisory/ntap-20240119-0001/ (mitre)