{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-39724","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-06-28T09:34:20.322Z","datePublished":"2026-02-04T20:52:21.777Z","dateUpdated":"2026-02-04T21:30:20.090Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:big_sql:7.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:big_sql:7.8:*:*:*:*:*:*:*"],"product":"Db2 Big SQL on Cloud Pak for Data","vendor":"IBM","versions":[{"lessThanOrEqual":"2.1.0","status":"affected","version":"IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8","versionType":"semver"},{"status":"affected","version":"IBM Db2 Big SQL 7.7 on Cloud Pak for Data 5.0"},{"status":"affected","version":"IBM Db2 Big SQL 7.8 on Cloud Pak for Data 5.1"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.

"}],"value":"IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770 Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-02-04T21:30:20.090Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7257907"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"


The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for Upgrading Cloud Pak for Data and Upgrading the Db2 Big SQL service.

"}],"value":"The recommended solution to address this vulnerability is to upgrade IBM Db2 Big SQL to version 8.2 or later available on IBM Cloud Pak for Data 5.2 or later by following the instructions for Upgrading Cloud Pak for Data https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x  and Upgrading the Db2 Big SQL https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x  service."}],"title":"IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API","x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-04T21:15:59.832540Z","id":"CVE-2024-39724","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-04T21:16:13.109Z"}}]}}