IBM Db2 on Cloud Pak for Data <5.3 - Authenticated DoS on DB creation
CVE-2024-54178 Published on June 22, 2026

Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-54178 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.


Products Associated with CVE-2024-54178

stack.watch emails you whenever new vulnerabilities are published in IBM Db2 On Cloud Pak For Data or IBM Db2 Warehouse On Cloud Pak Data. Just hit a watch button to start following.

IBM Db2 On Cloud Pak For Data
 
IBM Db2 Warehouse On Cloud Pak Data
 

Affected Versions

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data: