{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-39724", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-06-28T09:34:20.322Z", "datePublished": "2026-02-04T20:52:21.777Z", "dateUpdated": "2026-02-04T21:30:20.090Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:big_sql:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:big_sql:7.8:*:*:*:*:*:*:*"], "product": "Db2 Big SQL on Cloud Pak for Data", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.1.0", "status": "affected", "version": "IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8", "versionType": "semver"}, {"status": "affected", "version": "IBM Db2 Big SQL 7.7 on Cloud Pak for Data 5.0"}, {"status": "affected", "version": "IBM Db2 Big SQL 7.8 on Cloud Pak for Data 5.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p>IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.</p></div>"}], "value": "IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-04T21:30:20.090Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7257907"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><br><span style=\"background-color: rgb(255, 255, 255);\">The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=upgrading\">Upgrading Cloud Pak for Data</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=sql-upgrading\">Upgrading the Db2 Big SQL</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;service.</span></p>"}], "value": "The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for Upgrading Cloud Pak for Data https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x \u00a0and Upgrading the Db2 Big SQL https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x \u00a0service."}], "title": "IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T21:15:59.832540Z", "id": "CVE-2024-39724", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T21:16:13.109Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39724", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T21:15:59.832540Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T21:16:04.842Z"}}], "cna": {"title": "IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:big_sql:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:big_sql:7.8:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Db2 Big SQL on Cloud Pak for Data", "versions": [{"status": "affected", "version": "IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8", "versionType": "semver", "lessThanOrEqual": "2.1.0"}, {"status": "affected", "version": "IBM Db2 Big SQL 7.7 on Cloud Pak for Data 5.0"}, {"status": "affected", "version": "IBM Db2 Big SQL 7.8 on Cloud Pak for Data 5.1"}]}], "solutions": [{"lang": "en", "value": "The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for Upgrading Cloud Pak for Data https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x \u00a0and Upgrading the Db2 Big SQL https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x \u00a0service.", "supportingMedia": [{"type": "text/html", "value": "<p><br><span style=\"background-color: rgb(255, 255, 255);\">The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=upgrading\">Upgrading Cloud Pak for Data</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=sql-upgrading\">Upgrading the Db2 Big SQL</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;service.</span></p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7257907", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.", "supportingMedia": [{"type": "text/html", "value": "<div><p>IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.</p></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-04T21:30:20.090Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39724", "state": "PUBLISHED", "dateUpdated": "2026-02-04T21:30:20.090Z", "dateReserved": "2024-06-28T09:34:20.322Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-02-04T20:52:21.777Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service."}], "id": "CVE-2024-39724", "lastModified": "2026-02-04T22:15:56.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2026-02-04T21:15:56.817", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7257907"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}

{}

{}