IBM Db2 Big SQL on CP4D 7.6-7.8 DoS via Resource Allocation Bypass
CVE-2024-39724 Published on February 4, 2026
IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API
IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.
Vulnerability Analysis
CVE-2024-39724 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Products Associated with CVE-2024-39724
stack.watch emails you whenever new vulnerabilities are published in IBM Db2 or IBM Big Sql. Just hit a watch button to start following.
Affected Versions
IBM Db2 Big SQL on Cloud Pak for Data:- Version IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8, <= 2.1.0 is affected.
- Version IBM Db2 Big SQL 7.7 on Cloud Pak for Data 5.0 is affected.
- Version IBM Db2 Big SQL 7.8 on Cloud Pak for Data 5.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.