4.6

CVE-2025-36131

Medienbericht

IBM Db2 information disclosure

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 SwPlatformlinux Version >= 11.1.0 <= 11.1.4.7
IbmDb2 SwPlatformunix Version >= 11.1.0 <= 11.1.4.7
IbmDb2 SwPlatformwindows Version >= 11.1.0 <= 11.1.4.7
IbmDb2 SwPlatformlinux Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformunix Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformwindows Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformlinux Version >= 12.1.0 <= 12.1.3
IbmDb2 SwPlatformunix Version >= 12.1.0 <= 12.1.3
IbmDb2 SwPlatformwindows Version >= 12.1.0 <= 12.1.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.038
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.