PT-2025-45494 · Ibm · Ibm Db2+1
Published
2025-11-07
·
Updated
2025-11-19
·
CVE-2025-36131
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Db2 versions 11.1.0 through 11.1.4.7
IBM Db2 versions 11.5.0 through 11.5.9
IBM Db2 versions 12.1.0 through 12.1.3
Description
The
clpplus command in IBM Db2 can reveal user credentials on the terminal, potentially allowing a third party with physical access to the system to obtain them. The issue affects systems running on Linux, UNIX, and Windows, including Db2 Connect Server.Recommendations
IBM Db2 versions 11.1.0 through 11.1.4.7 should be updated.
IBM Db2 versions 11.5.0 through 11.5.9 should be updated.
IBM Db2 versions 12.1.0 through 12.1.3 should be updated.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Db2 Connect Server
Ibm Db2