CVE Catalog

CVE-2025-36372

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

A vulnerability in IBM Db2 allows an authenticated user to read sensitive information from monitoring and event tables. It affects versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 on Linux, UNIX, and Windows.

Risk Assessment

The risk involves unauthorized access to confidential data such as configuration or application data, potentially compromising confidentiality and leading to information disclosure.

Recommendation

It is recommended to immediately upgrade IBM Db2 to the latest patched version and restrict access permissions to monitoring and event tables.

Original NVD description (English source)

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS