Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for db2_merge_backup by ibm

    CVE-2025-33130 (GCVE-0-2025-33130)

    Vulnerability from nvd – Published: 2026-02-17 19:14 – Updated: 2026-02-17 19:50
    VLAI
    Title
    Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
    Summary
    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260043 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DB2 Merge Backup for Linux, UNIX and Windows Affected: 12.1.0.0 , ≤ 2.1.0 (semver)
        cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:50:18.284060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T19:50:33.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
              ],
              "product": "DB2 Merge Backup for Linux, UNIX and Windows",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.\u003c/p\u003e"
                }
              ],
              "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:14:58.095Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
                }
              ],
              "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
            }
          ],
          "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33130",
        "datePublished": "2026-02-17T19:14:48.468Z",
        "dateReserved": "2025-04-15T17:51:11.506Z",
        "dateUpdated": "2026-02-17T19:50:33.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33124 (GCVE-0-2025-33124)

    Vulnerability from nvd – Published: 2026-02-17 19:13 – Updated: 2026-02-17 19:51
    VLAI
    Title
    Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
    Summary
    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260043 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DB2 Merge Backup for Linux, UNIX and Windows Affected: 12.1.0.0 , ≤ 2.1.0 (semver)
        cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:51:14.970177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T19:51:24.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
              ],
              "product": "DB2 Merge Backup for Linux, UNIX and Windows",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.\u003c/p\u003e"
                }
              ],
              "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:13:21.530Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
                }
              ],
              "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
            }
          ],
          "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33124",
        "datePublished": "2026-02-17T19:13:21.530Z",
        "dateReserved": "2025-04-15T17:50:56.613Z",
        "dateUpdated": "2026-02-17T19:51:24.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13108 (GCVE-0-2025-13108)

    Vulnerability from nvd – Published: 2026-02-17 19:11 – Updated: 2026-02-26 21:42
    VLAI
    Title
    Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
    Summary
    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260043 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DB2 Merge Backup for Linux, UNIX and Windows Affected: 12.1.0.0 , ≤ 2.1.0 (semver)
        cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:52:07.537801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-226",
                    "description": "CWE-226 Sensitive Information in Resource Not Removed Before Reuse",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T21:42:41.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
              ],
              "product": "DB2 Merge Backup for Linux, UNIX and Windows",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:11:18.442Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
                }
              ],
              "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
            }
          ],
          "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13108",
        "datePublished": "2026-02-17T19:11:18.442Z",
        "dateReserved": "2025-11-12T22:27:04.622Z",
        "dateUpdated": "2026-02-26T21:42:41.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33130 (GCVE-0-2025-33130)

    Vulnerability from cvelistv5 – Published: 2026-02-17 19:14 – Updated: 2026-02-17 19:50
    VLAI
    Title
    Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
    Summary
    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260043 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DB2 Merge Backup for Linux, UNIX and Windows Affected: 12.1.0.0 , ≤ 2.1.0 (semver)
        cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:50:18.284060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T19:50:33.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
              ],
              "product": "DB2 Merge Backup for Linux, UNIX and Windows",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.\u003c/p\u003e"
                }
              ],
              "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:14:58.095Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
                }
              ],
              "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
            }
          ],
          "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33130",
        "datePublished": "2026-02-17T19:14:48.468Z",
        "dateReserved": "2025-04-15T17:51:11.506Z",
        "dateUpdated": "2026-02-17T19:50:33.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33124 (GCVE-0-2025-33124)

    Vulnerability from cvelistv5 – Published: 2026-02-17 19:13 – Updated: 2026-02-17 19:51
    VLAI
    Title
    Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
    Summary
    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260043 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DB2 Merge Backup for Linux, UNIX and Windows Affected: 12.1.0.0 , ≤ 2.1.0 (semver)
        cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:51:14.970177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T19:51:24.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
              ],
              "product": "DB2 Merge Backup for Linux, UNIX and Windows",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.\u003c/p\u003e"
                }
              ],
              "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:13:21.530Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
                }
              ],
              "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
            }
          ],
          "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33124",
        "datePublished": "2026-02-17T19:13:21.530Z",
        "dateReserved": "2025-04-15T17:50:56.613Z",
        "dateUpdated": "2026-02-17T19:51:24.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13108 (GCVE-0-2025-13108)

    Vulnerability from cvelistv5 – Published: 2026-02-17 19:11 – Updated: 2026-02-26 21:42
    VLAI
    Title
    Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
    Summary
    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7260043 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DB2 Merge Backup for Linux, UNIX and Windows Affected: 12.1.0.0 , ≤ 2.1.0 (semver)
        cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:52:07.537801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-226",
                    "description": "CWE-226 Sensitive Information in Resource Not Removed Before Reuse",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T21:42:41.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
              ],
              "product": "DB2 Merge Backup for Linux, UNIX and Windows",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:11:18.442Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7260043"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
                }
              ],
              "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
            }
          ],
          "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13108",
        "datePublished": "2026-02-17T19:11:18.442Z",
        "dateReserved": "2025-11-12T22:27:04.622Z",
        "dateUpdated": "2026-02-26T21:42:41.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }