Detections
Analytics
IBM DB2 Multiple Vulnerabilities (7277424, 7277423, 7277417) (Unix)
critical Nessus Plugin ID 322980
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities:- IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables. (CVE-2025-36372)
- IBM Db2 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.
(CVE-2026-10109)
- IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns. (CVE-2026-11906)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate IBM DB2 Fix Pack or Special Build based on the most recent fix pack level for your branch.See Also
https://www.ibm.com/support/pages/node/7277417
Plugin Details
Severity: Critical
ID: 322980
File Name: db2_7277424_7277423_nix.nasl
Version: 1.1
Type: Local
Agent: unix
Family: Databases
Published: 6/26/2026
Updated: 6/26/2026
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-10109
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:ibm:db2
Required KB Items: installed_sw/DB2 Server
Excluded KB Items: SMB/db2/Installed
Patch Publication Date: 6/23/2026
Vulnerability Publication Date: 6/23/2026
Reference Information
CVE: CVE-2025-36372, CVE-2026-10109, CVE-2026-11906
IAVB: 2026-B-0176