CVE-2026-3676

MEDIUM

There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Title source: cna

Description

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.

References (1)

Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7273649

Scores

CVSS v3 6.5
EPSS 0.0040
EPSS Percentile 31.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1284
Status published
Products (3)
IBM/Cloud APM, Advanced Private 8.1.4
IBM/Cloud APM, Base Private 8.1.4 - ) Interim Fix 021
ibm/cloud_application_performance_managemen 8.1.4 (2 CPE variants)
Published May 27, 2026
Tracked Since May 27, 2026