Back to overview

CVE-2025-36372

MEDIUM
5.5
CVSS 3.1
Description
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.

Metadata

CVE ID
CVE-2025-36372
State
PUBLISHED
Assigner
ibm
Reserved
2025-04-15 21:16 UTC
Published
2026-06-30 20:03 UTC
Last updated
2026-06-30 20:03 UTC
Primary CWE
CWE-538
CWE-538 Insertion of Sensitive Information into Externally-A…
Vendor / Product
IBM / Db2
Sources
cve.org  ·  NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
IBM Db2 11.5.0 ≤ 11.5.9, 12.1.0 ≤ 12.1.4
Weakness (CWE)
CWESourceDescription
CWE-538 cna CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.5 MEDIUM 3.1 cna CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Back to overview