Description
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
Published: 2026-06-22
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated user can trigger a denial of service in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data by creating new databases, due to improper resource allocation. This vulnerability can exhaust system resources, disrupting database creation and availability of services used by the affected systems.

Affected Systems

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data, versions 4.8, 5.0, 5.1, 5.2 and 5.3 are vulnerable. Version 5.4 contains the fix and is not affected.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity; no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) describes an attack that is reachable over the network, requires an authenticated user with low privileges and no user interaction, and affects availability only. This suggests a moderate likelihood of exploitation in environments where authenticated users can create new databases. Upgrading to version 5.4, which contains the fix, removes exposure to this issue.

Generated by OpenCVE AI on June 22, 2026 at 14:21 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data release containing the fix for these issues, i.e., to version 5.4.

Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0, it is strongly recommended to upgrade to Cloud Pak for Data 5.4.

  • Product: IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
  • Fixed in Fix Pack: v5.4
  • Instructions:
      Db2 Warehouse: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading
      Db2: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading


OpenCVE Recommended Actions

  • Upgrade IBM Db2 on Cloud Pak for Data to version 5.4 using the IBM Cloud Pak for Data upgrade guide.
  • Upgrade IBM Db2 Warehouse on Cloud Pak for Data to version 5.4 using the IBM Cloud Pak for Data upgrade guide.
  • After applying the patch, validate that new database creation functions without triggering a denial of service and monitor system resources for abnormal usage.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 13:45:00 +0000

Values Removed: none

Values Added:

  • Description: IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources.
  • Title: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
  • First Time appeared: Ibm; Ibm db2 On Cloud Pak For Data; Ibm db2 Warehouse On Cloud Pak For Data
  • Weaknesses: CWE-770
  • CPEs:
      cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*
  • Vendors & Products: Ibm; Ibm db2 On Cloud Pak For Data; Ibm db2 Warehouse On Cloud Pak For Data
  • References:
  • Metrics: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-22T13:15:30.011Z

Reserved: 2024-11-30T14:47:55.533Z

Link: CVE-2024-54178

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T14:30:05Z

Weaknesses
  • CWE-770: Allocation of Resources Without Limits or Throttling