Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2025-2532
Vulnerability from csaf_certbund - Published: 2025-11-09 23:00 - Updated: 2025-12-09 23:00Summary
IBM DB2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, und um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, und um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2532 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2532.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2532 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2532"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250469"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250470"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250472"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250473"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250479"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250482"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250483"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250484"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250485"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250486"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-09",
"url": "https://www.ibm.com/support/pages/node/7250487"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7254288 vom 2025-12-10",
"url": "https://www.ibm.com/support/pages/node/7254288"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-09T23:00:00.000+00:00",
"generator": {
"date": "2025-12-10T10:49:59.864+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2532",
"initial_release_date": "2025-11-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T048379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Key Lifecycle Manager",
"product": {
"name": "IBM Tivoli Key Lifecycle Manager",
"product_id": "T026238",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2024-47118",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2024-47118"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-2534",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-2534"
},
{
"cve": "CVE-2025-33012",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-33012"
},
{
"cve": "CVE-2025-33134",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-33134"
},
{
"cve": "CVE-2025-36006",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-36006"
},
{
"cve": "CVE-2025-36008",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-36008"
},
{
"cve": "CVE-2025-36131",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-36131"
},
{
"cve": "CVE-2025-36136",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-36136"
},
{
"cve": "CVE-2025-36185",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-36185"
},
{
"cve": "CVE-2025-36186",
"product_status": {
"known_affected": [
"T026238",
"T048379"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-36186"
}
]
}
CVE-2023-1370 (GCVE-0-2023-1370)
Vulnerability from cvelistv5 – Published: 2023-03-13 09:04 – Updated: 2025-02-27 19:09
VLAI?
EPSS
Title
Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON
Summary
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.
When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.
It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
Severity ?
7.5 (High)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| json-smart | json-smart |
Affected:
0 , < 2.4.9
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:10.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T19:09:38.903630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:09:50.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com",
"packageName": "net.minidev:json-smart",
"product": "json-smart",
"vendor": "json-smart",
"versions": [
{
"lessThan": "2.4.9",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\u003c/p\u003e\u003cp\u003eWhen reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively.\u003c/p\u003e\u003cp\u003eIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.\u003c/p\u003e"
}
],
"value": "[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\n\nWhen reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively.\n\nIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:09.457Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON"
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2023-1370",
"datePublished": "2023-03-13T09:04:36.365Z",
"dateReserved": "2023-03-13T08:35:00.695Z",
"dateUpdated": "2025-02-27T19:09:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2534 (GCVE-0-2025-2534)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:36 – Updated: 2025-11-07 18:56
VLAI?
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity ?
5.3 (Medium)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Db2 |
Affected:
11.1.0 , ≤ 11.1.4.7
(semver)
Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T18:56:17.091538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:56:31.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:36:49.488Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250472"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.1 TBD DT422178 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT422178 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT422178 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.1 TBD DT422178 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT422178 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT422178 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2534",
"datePublished": "2025-11-07T18:36:49.488Z",
"dateReserved": "2025-03-19T15:25:51.261Z",
"dateUpdated": "2025-11-07T18:56:31.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36006 (GCVE-0-2025-36006)
Vulnerability from cvelistv5 – Published: 2025-11-07 19:04 – Updated: 2025-11-07 19:15
VLAI?
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.
Severity ?
6.5 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0 , ≤ 10.5.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T19:15:11.662526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T19:15:29.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.\u003c/p\u003e"
}
],
"value": "IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T19:04:05.595Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250479"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT422191 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT422191 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT422191 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT422191 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT422191 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT422191 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT422191 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT422191 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWorkarounds and Mitigations For\u00a0JCC\u00a0applications,\u00a0set\u00a0queryCloseImplicit\u00a0property\u00a0to\u00a02\u00a0for\u00a0the\u00a0connections. For, CLI and ODBC applications, set SQL_ATTR_EARLYCLOSE property to SQL_EARLYCLOSE_OFF for the statements. Manually recycle connections either by forcing the application handles or by making an application side change (a refresh of the connection pool). You can find the application handles that use most FCM buffers by running\u00a0db2pd -fcm -member x\u00a0\u00a0(look for the highest buffer consumer) and then force.\u003c/p\u003e"
}
],
"value": "Workarounds and Mitigations For\u00a0JCC\u00a0applications,\u00a0set\u00a0queryCloseImplicit\u00a0property\u00a0to\u00a02\u00a0for\u00a0the\u00a0connections. For, CLI and ODBC applications, set SQL_ATTR_EARLYCLOSE property to SQL_EARLYCLOSE_OFF for the statements. Manually recycle connections either by forcing the application handles or by making an application side change (a refresh of the connection pool). You can find the application handles that use most FCM buffers by running\u00a0db2pd -fcm -member x\u00a0\u00a0(look for the highest buffer consumer) and then force."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36006",
"datePublished": "2025-11-07T19:04:05.595Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-11-07T19:15:29.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36185 (GCVE-0-2025-36185)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:40 – Updated: 2025-11-07 18:52
VLAI?
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
Severity ?
6.2 (Medium)
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T18:51:35.959067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:52:26.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.1.2",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.\u003c/p\u003e"
}
],
"value": "IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:40:59.591Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250487"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V12.1 NA DT440596 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V12.1 NA DT440596 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWorkarounds and Mitigations Provide a complete \u0027create wrapper\u0027 statement with the \u0027options\u0027 clause.\u003c/p\u003e"
}
],
"value": "Workarounds and Mitigations Provide a complete \u0027create wrapper\u0027 statement with the \u0027options\u0027 clause."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36185",
"datePublished": "2025-11-07T18:40:59.591Z",
"dateReserved": "2025-04-15T21:16:23.420Z",
"dateUpdated": "2025-11-07T18:52:26.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47118 (GCVE-0-2024-47118)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:23 – Updated: 2025-11-07 18:48
VLAI?
EPSS
Title
IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query
Summary
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0 , ≤ 10.5.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T18:47:40.648662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:48:16.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/p\u003e"
}
],
"value": "IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:23:07.665Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250473"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT398093 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT398093 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT398093 Special Build #69673 or later for V11.5.9 available at this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e V12.1 V12.1.3 DT398093 Special Build #70120 or later for V12.1.2 available at this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT398093 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT398093 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT398093 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT398093 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-47118",
"datePublished": "2025-11-07T18:23:07.665Z",
"dateReserved": "2024-09-18T19:27:02.822Z",
"dateUpdated": "2025-11-07T18:48:16.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36186 (GCVE-0-2025-36186)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:40 – Updated: 2025-11-08 04:55
VLAI?
EPSS
Title
IBM Db2 privilege escalation
Summary
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
Severity ?
7.4 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T04:55:21.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.\u003c/p\u003e"
}
],
"value": "IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:40:32.478Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250486"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V12.1 V12.1.3 DT445866 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V12.1 V12.1.3 DT445866 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 privilege escalation",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36186",
"datePublished": "2025-11-07T18:40:32.478Z",
"dateReserved": "2025-04-15T21:16:23.420Z",
"dateUpdated": "2025-11-08T04:55:21.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-57699 (GCVE-0-2024-57699)
Vulnerability from cvelistv5 – Published: 2025-02-05 00:00 – Updated: 2025-02-06 15:15
VLAI?
EPSS
Summary
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57699",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T15:14:00.482073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T15:15:17.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of \u2019{\u2019, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:38:33.811Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
},
{
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57699",
"datePublished": "2025-02-05T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-06T15:15:17.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36008 (GCVE-0-2025-36008)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:57 – Updated: 2025-11-07 19:10
VLAI?
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T19:09:43.009024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T19:10:03.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:58:31.728Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250482"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.5 TBD DT423510 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT423510 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.5 TBD DT423510 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT423510 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36008",
"datePublished": "2025-11-07T18:57:09.615Z",
"dateReserved": "2025-04-15T21:16:05.533Z",
"dateUpdated": "2025-11-07T19:10:03.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36131 (GCVE-0-2025-36131)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:53 – Updated: 2025-11-07 19:06
VLAI?
EPSS
Title
IBM Db2 information disclosure
Summary
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.
Severity ?
4.6 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Db2 |
Affected:
11.1.0 , ≤ 11.1.4.7
(semver)
Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T19:04:56.110614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T19:06:54.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:53:45.472Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250484"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.1 TBD DT425312 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT425312 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT425312 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.1 TBD DT425312 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT425312 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT425312 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 information disclosure",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWorkarounds and Mitigations USE CLPPLUS tool using \u0026quot;clpplus\u0026quot; option.(without using \u0026quot;-nw\u0026quot;) Note: only \u0026quot;clpplus -nw\u0026quot; is having this issue. if you start clpplus that uses just \u0026quot;clpplus\u0026quot; command then new terminal will be opened and you can continue working as usual. Problem happens when only \u0026quot;-nw\u0026quot; option is used with clpplus command For example \u0026quot;clpplus -nw\u0026quot; (no windows) option.\u003c/p\u003e"
}
],
"value": "Workarounds and Mitigations USE CLPPLUS tool using \"clpplus\" option.(without using \"-nw\") Note: only \"clpplus -nw\" is having this issue. if you start clpplus that uses just \"clpplus\" command then new terminal will be opened and you can continue working as usual. Problem happens when only \"-nw\" option is used with clpplus command For example \"clpplus -nw\" (no windows) option."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36131",
"datePublished": "2025-11-07T18:53:45.472Z",
"dateReserved": "2025-04-15T21:16:19.007Z",
"dateUpdated": "2025-11-07T19:06:54.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36136 (GCVE-0-2025-36136)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:45 – Updated: 2025-11-07 18:53
VLAI?
EPSS
Title
IBM denial of service
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.
Severity ?
5.1 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T18:52:54.678980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:53:53.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.\u003c/p\u003e"
}
],
"value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:46:22.886Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250485"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.5 TBD DT435369 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT435369 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V11.5 TBD DT435369 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT435369 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM denial of service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWorkarounds and Mitigations Ensure there is no other process that may be accessing or viewing the db2V115_start.ksh script by it\u0027s full path, or that has the instance name in it\u0027s command line with the script for any reason.\u003c/p\u003e"
}
],
"value": "Workarounds and Mitigations Ensure there is no other process that may be accessing or viewing the db2V115_start.ksh script by it\u0027s full path, or that has the instance name in it\u0027s command line with the script for any reason."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36136",
"datePublished": "2025-11-07T18:45:46.550Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-11-07T18:53:53.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33012 (GCVE-0-2025-33012)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:38 – Updated: 2025-11-07 18:56
VLAI?
EPSS
Title
IBM Db2 improper account lockout
Summary
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.
Severity ?
6.3 (Medium)
CWE
- CWE-324 - Use of a Key Past its Expiration Date
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Db2 |
Affected:
10.5.0 , ≤ 10.5.11
(semver)
Affected: 11.1.0 , ≤ 11.1.4.7 (semver) Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T18:55:58.555081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:56:16.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:10.5.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.1.4.7",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.9",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.\u003c/p\u003e"
}
],
"value": "IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324 Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:38:29.123Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT435638 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT435638 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT435638 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT435638 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Customers running any vulnerable affected level of an affected Program, V10.5, V11.1, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V10.5 FP11, V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability. Release Fixed in mod pack APAR Download URL V10.5 TBD DT435638 Special Build for V10.5.11: AIX 64-bit HP-UX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 big endian Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Solaris 64-bit, x86-64 Windows 32-bit, x86 Windows 64-bit, x86 V11.1 TBD DT435638 Special Build for V11.1.4.7: AIX 64-bit Linux 32-bit, x86-32 Linux 64-bit, x86-64 Linux 64-bit, POWER\u2122 little endian Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae Solaris 64-bit, SPARC Windows 32-bit, x86 Windows 64-bit, x86 V11.5 TBD DT435638 Special Build #69673 or later for V11.5.9 available at this link: https://www.ibm.com/support/pages/node/7087189 V12.1 V12.1.3 DT435638 Special Build #70120 or later for V12.1.2 available at this link: https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability. Note: After December 31, 2025, 11.1 and 10.5 versions of Db2 will not have security fixes made available as they will reach EoS."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 improper account lockout",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33012",
"datePublished": "2025-11-07T18:38:29.123Z",
"dateReserved": "2025-04-15T09:48:51.519Z",
"dateUpdated": "2025-11-07T18:56:16.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…