8.8

CVE-2025-33012

Medienbericht

IBM Db2 improper account lockout

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 SwPlatformlinux Version >= 10.5.0.0 <= 10.5.0.11
IbmDb2 SwPlatformlinux Version >= 11.1.0 <= 11.1.4.7
IbmDb2 SwPlatformlinux Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformlinux Version >= 12.1.0 <= 12.1.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.063
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-324 Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.