IBM DB2 10.1 Improper Input Validation Vulnerability


IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash.


The information has been provided by IBM.

The original article can be found at:


IBM DB2 is prone to an Improper Input Validation vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Vulnerable Systems:

IBM DB2 9.7 FP11
IBM DB2 9.7
IBM DB2 iFix001
IBM DB2 11.1
IBM DB2 10.5 FP10
IBM DB2 10.5
IBM DB2 10.1 FP6
IBM DB2 10.1

CVE Information:

Disclosure Timeline:
