IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7279479 |
|
History
Fri, 17 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control. | |
| Title | IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control | |
| First Time appeared |
Ibm
Ibm db2 |
|
| Weaknesses | CWE-94 | |
| CPEs | cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm db2 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-07-17T18:05:02.670Z
Reserved: 2026-05-27T18:39:32.605Z
Link: CVE-2026-9762
Updated: 2026-07-17T18:04:24.329Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T19:00:13Z