7.5

CVE-2025-36365

Medienbericht

IBM Db2 Privilege Escalation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDb2 SwPlatformlinux Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformunix Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformwindows Version >= 11.5.0 <= 11.5.9
IbmDb2 SwPlatformlinux Version >= 12.1.0 <= 12.1.3
IbmDb2 SwPlatformunix Version >= 12.1.0 <= 12.1.3
IbmDb2 SwPlatformwindows Version >= 12.1.0 <= 12.1.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.172
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com 6.8 1.6 5.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
02.02.2026 09:52
https://www.ibm.com/support/pages/node/7257665
Patch
Vendor Advisory