CVE-2025-36008

Medienbericht

EPSS 0.07%
Veröffentlicht 07.11.2025 19:16:23
Zuletzt bearbeitet 19.11.2025 16:28:54
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Db2 denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Db2 SwPlatformlinux Version >= 11.5.0 <= 11.5.9

Ibm ≫ Db2 SwPlatformunix Version >= 11.5.0 <= 11.5.9

Ibm ≫ Db2 SwPlatformwindows Version >= 11.5.0 <= 11.5.9

Ibm ≫ Db2 SwPlatformlinux Version >= 12.1.0 <= 12.1.3

Ibm ≫ Db2 SwPlatformunix Version >= 12.1.0 <= 12.1.3

Ibm ≫ Db2 SwPlatformwindows Version >= 12.1.0 <= 12.1.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.213

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.heise.de/news/Root-Sicherheitsluecke-bedroht-IBMs-Datenbanksystem-Db2-11073372.html

Media Report

https://www.ibm.com/support/pages/node/7250482

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36008

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36008

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36008

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-36008