6.5
CVE-2025-2669
- EPSS 0.2%
- Veröffentlicht 22.06.2026 13:18:42
- Zuletzt bearbeitet 30.06.2026 15:46:55
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Db2 Warehouse Version >= 4.8 < 5.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.096 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
| psirt@us.ibm.com | 6 | 1.2 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://www.ibm.com/support/pages/node/7277112