CVE-2025-13108

EPSS 0.04%
Veröffentlicht 17.02.2026 19:11:18
Zuletzt bearbeitet 26.02.2026 23:11:08
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Db2 Merge Backup Version12.1.0.0 SwPlatformlinux

Ibm ≫ Db2 Merge Backup Version12.1.0.0 SwPlatformunix

Ibm ≫ Db2 Merge Backup Version12.1.0.0 SwPlatformwindows

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-226 Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

https://www.ibm.com/support/pages/node/7260043

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-13108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13108

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13108