CVE-2025-36010 (GCVE-0-2025-36010)
Vulnerability from cvelistv5 – Published: 2025-07-29 18:13 – Updated: 2025-07-29 18:29
- CWE-833 - Deadlock
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240951 | vendor-advisory, patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T18:29:33.720627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T18:29:45.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.1.1"
},
{
"status": "affected",
"version": "12.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-833",
"description": "CWE-833 Deadlock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T18:13:20.677Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240951"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable mod pack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV12.1 V12.1.2 DT433635 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"value": "Customers running any vulnerable mod pack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\n\n \n\nRelease Fixed in mod pack APAR Download URL\nV12.1 V12.1.2 DT433635 \nSpecial Build #62100 or later for V12.1.1 available at this link:\n\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \n\n12.1.2 Latest:\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\n \n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\n\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 for Linux denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36010",
"datePublished": "2025-07-29T18:13:20.677Z",
"dateReserved": "2025-04-15T21:16:07.862Z",
"dateUpdated": "2025-07-29T18:29:45.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-36010",
"date": "2026-06-06",
"epss": "0.00092",
"percentile": "0.2599"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-36010\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-07-29T18:15:28.733\",\"lastModified\":\"2025-08-06T19:34:24.467\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \\n\\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.\"},{\"lang\":\"es\",\"value\":\"IBM Db2 para Linux 12.1.0, 12.1.1 y 12.1.2 podr\u00edan permitir que un usuario no autenticado provoque una denegaci\u00f3n de servicio debido a segmentos ejecutables que est\u00e1n esperando que otros liberen un bloqueo necesario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-833\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.
3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"FB68EACE-0F80-448C-962E-756CF3FF6734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"BB83F549-7120-4B17-9172-F338FD427F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"703CB3FF-6DB5-432E-B469-2A90A33A5F2C\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7240951\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-36010\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-29T18:29:33.720627Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-29T18:29:39.346Z\"}}], \"cna\": {\"title\": \"IBM Db2 for Linux denial of service\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*\", \"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*\", \"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*\"], \"vendor\": \"IBM\", \"product\": \"Db2\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.1.0\"}, {\"status\": \"affected\", \"version\": \"12.1.1\"}, {\"status\": \"affected\", \"version\": \"12.1.2\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Customers running any vulnerable mod pack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\\n\\n \\n\\nRelease Fixed in mod pack APAR Download URL\\nV12.1 V12.1.2 DT433635 \\nSpecial Build #62100 or later for V12.1.1 available at this link:\\n\\n https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441 \\n\\n12.1.2 Latest:\\n\\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \\n\\n \\n\\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\\n\\nNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Customers running any vulnerable mod pack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent mod pack level for each impacted release: V12.1.1 and V12.1.2. 
They can be applied to any affected mod pack level of the appropriate release to remediate this vulnerability.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eRelease Fixed in mod pack APAR Download URL\u003cbr\u003eV12.1 V12.1.2 DT433635 \u003cbr\u003eSpecial Build #62100 or later for V12.1.1 available at this link:\u003cbr\u003e\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\\\"\u003ehttps://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads#52441\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e12.1.2 Latest:\u003cbr\u003e\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\\\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. 
IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003cbr\u003e\u003cbr\u003eNote: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7240951\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \\n\\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-833\", \"description\": \"CWE-833 Deadlock\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-07-29T18:13:20.677Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-36010\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-29T18:29:45.192Z\", \"dateReserved\": \"2025-04-15T21:16:07.862Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-07-29T18:13:20.677Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "IBM Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 12.1.0 \u0434\u043e 12.1.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (IBM DB2), \u043e\u0442 12.1.0 \u0434\u043e 12.1.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (IBM DB2 Connect Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.ibm.com/support/pages/node/7240951",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-09223",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-36010",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "IBM DB2, IBM DB2 Connect Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 IBM DB2 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 IBM DB2 Connect Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f c \u0432\u0437\u0430\u0438\u043c\u043d\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u043e\u0439 \u043f\u043e\u0442\u043e\u043a\u043e\u0432 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u0432\u0438\u0441\u0430\u043d\u0438\u0435 (CWE-833)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 IBM DB2 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 IBM DB2 Connect Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 c \u0432\u0437\u0430\u0438\u043c\u043d\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u043e\u0439 \u043f\u043e\u0442\u043e\u043a\u043e\u0432 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.ibm.com/support/pages/node/7240951",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-833",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CERTFR-2025-AVI-0760
Vulnerability from certfr_avis - Published: 2025-09-05 - Updated: 2025-09-05
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar SIEM | User Entity Behavior Analytics for IBM QRadar SIEM versions prior to 5.0.1 |
| IBM | WebSphere | IBM Common Licensing for Websphere Liberty Agent versions 9.0.x prior to 9.0.0.2 |
| IBM | Db2 | Db2 on Cloud Pak for Data versions prior to v5.2.1 |
| IBM | WebSphere | IBM Enterprise Application Runtimes for WebSphere Application Server version 1.0 without security fixes APAR PH67137 and APAR PH67132 |
| IBM | WebSphere | Engineering Test Management versions 7.0.2 and 7.0.3 for WebSphere Application Server 8.5 and 9.0 without the latest security fix |
| IBM | WebSphere | Engineering Lifecycle Management 7.0.2 and 7.0.3 for WebSphere Application Server Liberty versions 17.0.0.3 to 25.0.0.8 without the latest security fix |
| IBM | WebSphere | IBM Common Licensing for Websphere Liberty ART versions 9.0.x prior to 9.0.0.2 |
| IBM | WebSphere | Engineering Lifecycle Management 7.1 for WebSphere Application Server Liberty versions 17.0.0.3 to 25.0.0.8 without the latest security fix |
| IBM | WebSphere | Cloud Pak for Applications versions 5.1 to 5.3 for WebSphere Application Server Liberty without security fixes APAR PH67132 and APAR PH67137 |
| IBM | WebSphere | Engineering Test Management versions 7.1 for WebSphere Application Server 8.5 and 9.0 without the latest security fix |
| IBM | WebSphere | WebSphere Application Server and WebSphere Application Server Liberty, with the jsonp features, without the latest security fix |
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 without security fixes APAR PH67137, APAR PH67132, |
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions prior to v5.2.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et APAR PH67132",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2021-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2025-36047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2019-9193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2023-52933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2024-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2018-1000873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-09-05T00:00:00",
"last_revision_date": "2025-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
"url": "https://www.ibm.com/support/pages/node/7243927"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
"url": "https://www.ibm.com/support/pages/node/7243923"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
"url": "https://www.ibm.com/support/pages/node/7243924"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
"url": "https://www.ibm.com/support/pages/node/7244012"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
"url": "https://www.ibm.com/support/pages/node/7243659"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
"url": "https://www.ibm.com/support/pages/node/7244002"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
"url": "https://www.ibm.com/support/pages/node/7243582"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
"url": "https://www.ibm.com/support/pages/node/7243928"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
"url": "https://www.ibm.com/support/pages/node/7243925"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
"url": "https://www.ibm.com/support/pages/node/7244010"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
"url": "https://www.ibm.com/support/pages/node/7243922"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
"url": "https://www.ibm.com/support/pages/node/7243673"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
"url": "https://www.ibm.com/support/pages/node/7243877"
}
]
}
CERTFR-2026-AVI-0083
Vulnerability from certfr_avis - Published: 2026-01-23 - Updated: 2026-01-23
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| IBM | Db2 | Db2 Big SQL versions earlier than 8.2.1 on Cloud Pak for Data versions earlier than 5.3 |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.0.x earlier than 6.3.0.6_iFix026 for Windows |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.3.0.x earlier than 6.3.0.6.iFix014 for Unix |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.0.x earlier than 6.4.0.3_iFix022 for Windows |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.0.x earlier than 6.2.0.8_iFix007 for Windows |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.4.0.x earlier than 6.4.0.3.iFix014 for Unix |
| IBM | Sterling Connect:Direct | Sterling Connect:Direct versions 6.2.0.x earlier than 6.2.0.9.iFix006 for Unix |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 8.2.1 sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix026 pour Windows",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6.iFix014 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.3_iFix022 pour Windows",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.8_iFix007 pour Windows",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.3.iFix014 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.9.iFix006 pour Unix",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2024-49350",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2025-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
},
{
"name": "CVE-2025-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-3050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2025-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-52903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
}
],
"initial_release_date": "2026-01-23T00:00:00",
"last_revision_date": "2026-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0083",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257889",
"url": "https://www.ibm.com/support/pages/node/7257889"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257852",
"url": "https://www.ibm.com/support/pages/node/7257852"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257796",
"url": "https://www.ibm.com/support/pages/node/7257796"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257891",
"url": "https://www.ibm.com/support/pages/node/7257891"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257797",
"url": "https://www.ibm.com/support/pages/node/7257797"
},
{
"published_at": "2026-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257854",
"url": "https://www.ibm.com/support/pages/node/7257854"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257888",
"url": "https://www.ibm.com/support/pages/node/7257888"
}
]
}
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's page: https://www.ibm.com/support/pages/node/7240951
| Name | IBM DB2 for Linux 12.1.0, IBM DB2 for Linux 12.1.1, IBM DB2 for Linux 12.1.2 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-36010",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-36010"
}
},
"description": "IBM Db2\u662fIBM\u516c\u53f8\u7684\u4e00\u6b3e\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301Linux\u7b49\u591a\u79cd\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nIBM Db2 for Linux 12.1.0\u300112.1.1\u53ca12.1.2\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53ef\u6267\u884c\u6bb5\u4e4b\u95f4\u76f8\u4e92\u7b49\u5f85\u91ca\u653e\u5fc5\u8981\u9501\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6388\u6743\u8bbf\u95ee\u89e6\u53d1\u6b7b\u9501\uff0c\u5bfc\u81f4\u6570\u636e\u5e93\u670d\u52a1\u4e0d\u53ef\u7528\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a \r\nhttps://www.ibm.com/support/pages/node/7240951",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-18013",
"openTime": "2025-08-05",
"patchDescription": "IBM Db2\u662fIBM\u516c\u53f8\u7684\u4e00\u6b3e\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301Linux\u7b49\u591a\u79cd\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nIBM Db2 for Linux 12.1.0\u300112.1.1\u53ca12.1.2\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53ef\u6267\u884c\u6bb5\u4e4b\u95f4\u76f8\u4e92\u7b49\u5f85\u91ca\u653e\u5fc5\u8981\u9501\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6388\u6743\u8bbf\u95ee\u89e6\u53d1\u6b7b\u9501\uff0c\u5bfc\u81f4\u6570\u636e\u5e93\u670d\u52a1\u4e0d\u53ef\u7528\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM Db2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-18013\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"IBM DB2 for Linux 12.1.0",
"IBM DB2 for Linux 12.1.1",
"IBM DB2 for Linux 12.1.2"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-36010",
"serverity": "\u4e2d",
"submitTime": "2025-07-30",
"title": "IBM Db2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-18013\uff09"
}
FKIE_CVE-2025-36010
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-06 19:34
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240951 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "FB68EACE-0F80-448C-962E-756CF3FF6734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "BB83F549-7120-4B17-9172-F338FD427F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:linux:*:*",
"matchCriteriaId": "703CB3FF-6DB5-432E-B469-2A90A33A5F2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock."
},
{
"lang": "es",
"value": "IBM Db2 para Linux 12.1.0, 12.1.1 y 12.1.2 podr\u00edan permitir que un usuario no autenticado provoque una denegaci\u00f3n de servicio debido a segmentos ejecutables que est\u00e1n esperando que otros liberen un bloqueo necesario."
}
],
"id": "CVE-2025-36010",
"lastModified": "2025-08-06T19:34:24.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-29T18:15:28.733",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240951"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-833"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
GHSA-Q9X9-MHF5-VMMM
Vulnerability from github – Published: 2025-07-29 18:30 – Updated: 2025-07-29 18:30
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
{
"affected": [],
"aliases": [
"CVE-2025-36010"
],
"database_specific": {
"cwe_ids": [
"CWE-833"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-29T18:15:28Z",
"severity": "MODERATE"
},
"details": "IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 \n\ncould allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.",
"id": "GHSA-q9x9-mhf5-vmmm",
"modified": "2025-07-29T18:30:36Z",
"published": "2025-07-29T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36010"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7240951"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2025-1675
Vulnerability from csaf_certbund - Published: 2025-07-29 22:00 - Updated: 2025-11-11 23:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM DB2 (IBM) | cpe:/a:ibm:db2:- | — | |
| IBM Security Guardium Key Lifecycle Manager 4.2.1 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1 | Key Lifecycle Manager 4.2.1 | |
| IBM Tivoli Business Service Manager 6.2.0 (IBM / Tivoli Business Service Manager) | cpe:/a:ibm:tivoli_business_service_manager:6.2.0 | 6.2.0 | |
| HCL Commerce (HCL) | cpe:/a:hcltechsw:commerce:- | — | |
| IBM Security Guardium Key Lifecycle Manager 4.1 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1 | Key Lifecycle Manager 4.1 | |
| IBM Security Guardium Key Lifecycle Manager 4.2 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2 | Key Lifecycle Manager 4.2 | |
| IBM Security Guardium Key Lifecycle Manager 4.1.1 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1 | Key Lifecycle Manager 4.1.1 | |
| IBM Security Guardium Key Lifecycle Manager 5.0 (IBM / Security Guardium) | cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0 | Key Lifecycle Manager 5.0 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.2.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1
|
Key Lifecycle Manager 4.2.1 | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1
|
Key Lifecycle Manager 4.1 | |
|
IBM Security Guardium Key Lifecycle Manager 4.2
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2
|
Key Lifecycle Manager 4.2 | |
|
IBM Security Guardium Key Lifecycle Manager 4.1.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1
|
Key Lifecycle Manager 4.1.1 | |
|
IBM Security Guardium Key Lifecycle Manager 5.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0
|
Key Lifecycle Manager 5.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.2.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1
|
Key Lifecycle Manager 4.2.1 | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1
|
Key Lifecycle Manager 4.1 | |
|
IBM Security Guardium Key Lifecycle Manager 4.2
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2
|
Key Lifecycle Manager 4.2 | |
|
IBM Security Guardium Key Lifecycle Manager 4.1.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1
|
Key Lifecycle Manager 4.1.1 | |
|
IBM Security Guardium Key Lifecycle Manager 5.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0
|
Key Lifecycle Manager 5.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.2.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1
|
Key Lifecycle Manager 4.2.1 | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1
|
Key Lifecycle Manager 4.1 | |
|
IBM Security Guardium Key Lifecycle Manager 4.2
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2
|
Key Lifecycle Manager 4.2 | |
|
IBM Security Guardium Key Lifecycle Manager 4.1.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1
|
Key Lifecycle Manager 4.1.1 | |
|
IBM Security Guardium Key Lifecycle Manager 5.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0
|
Key Lifecycle Manager 5.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.2.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1
|
Key Lifecycle Manager 4.2.1 | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1
|
Key Lifecycle Manager 4.1 | |
|
IBM Security Guardium Key Lifecycle Manager 4.2
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2
|
Key Lifecycle Manager 4.2 | |
|
IBM Security Guardium Key Lifecycle Manager 4.1.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1
|
Key Lifecycle Manager 4.1.1 | |
|
IBM Security Guardium Key Lifecycle Manager 5.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0
|
Key Lifecycle Manager 5.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.2.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1
|
Key Lifecycle Manager 4.2.1 | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1
|
Key Lifecycle Manager 4.1 | |
|
IBM Security Guardium Key Lifecycle Manager 4.2
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2
|
Key Lifecycle Manager 4.2 | |
|
IBM Security Guardium Key Lifecycle Manager 4.1.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1
|
Key Lifecycle Manager 4.1.1 | |
|
IBM Security Guardium Key Lifecycle Manager 5.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0
|
Key Lifecycle Manager 5.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.2.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1
|
Key Lifecycle Manager 4.2.1 | |
|
IBM Tivoli Business Service Manager 6.2.0
IBM / Tivoli Business Service Manager
|
cpe:/a:ibm:tivoli_business_service_manager:6.2.0
|
6.2.0 | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Security Guardium Key Lifecycle Manager 4.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1
|
Key Lifecycle Manager 4.1 | |
|
IBM Security Guardium Key Lifecycle Manager 4.2
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2
|
Key Lifecycle Manager 4.2 | |
|
IBM Security Guardium Key Lifecycle Manager 4.1.1
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1
|
Key Lifecycle Manager 4.1.1 | |
|
IBM Security Guardium Key Lifecycle Manager 5.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0
|
Key Lifecycle Manager 5.0 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, und um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1675 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1675.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1675 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1675"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240955"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240943"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240944"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240945"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240947"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240949"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240951"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240952"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240953"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240940"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7242144 vom 2025-08-14",
"url": "https://www.ibm.com/support/pages/node/7242144"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-10-24",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123933"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249214 vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249214"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-11T23:00:00.000+00:00",
"generator": {
"date": "2025-11-12T06:47:54.423+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1675",
"initial_release_date": "2025-07-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL und IBM aufgenommen"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: EUVD-2025-93533"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019294",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T045745",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Key Lifecycle Manager 4.1",
"product": {
"name": "IBM Security Guardium Key Lifecycle Manager 4.1",
"product_id": "T021031",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1"
}
}
},
{
"category": "product_version",
"name": "Key Lifecycle Manager 4.2",
"product": {
"name": "IBM Security Guardium Key Lifecycle Manager 4.2",
"product_id": "T027545",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2"
}
}
},
{
"category": "product_version",
"name": "Key Lifecycle Manager 4.1.1",
"product": {
"name": "IBM Security Guardium Key Lifecycle Manager 4.1.1",
"product_id": "T029696",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1"
}
}
},
{
"category": "product_version",
"name": "Key Lifecycle Manager 4.2.1",
"product": {
"name": "IBM Security Guardium Key Lifecycle Manager 4.2.1",
"product_id": "T032873",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1"
}
}
},
{
"category": "product_version",
"name": "Key Lifecycle Manager 5.0",
"product": {
"name": "IBM Security Guardium Key Lifecycle Manager 5.0",
"product_id": "T044420",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version",
"name": "6.2.0",
"product": {
"name": "IBM Tivoli Business Service Manager 6.2.0",
"product_id": "T014092",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0"
}
}
}
],
"category": "product_name",
"name": "Tivoli Business Service Manager"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-49828",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2024-49828"
},
{
"cve": "CVE-2024-51473",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2024-51473"
},
{
"cve": "CVE-2024-52894",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2024-52894"
},
{
"cve": "CVE-2025-24970",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-2533",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-2533"
},
{
"cve": "CVE-2025-33114",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-33114"
},
{
"cve": "CVE-2025-33143",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-33143"
},
{
"cve": "CVE-2025-33186",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-33186"
},
{
"cve": "CVE-2025-36010",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-36010"
},
{
"cve": "CVE-2025-36071",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-36071"
},
{
"cve": "CVE-2025-33092",
"product_status": {
"known_affected": [
"T045745",
"T032873",
"T014092",
"T019294",
"T021031",
"T027545",
"T029696",
"T044420"
]
},
"release_date": "2025-07-29T22:00:00.000+00:00",
"title": "CVE-2025-33092"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.