CVE-2025-36006

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ibmCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
ibmdb2
10.5.0.0 ≤
𝑥
≤ 10.5.0.11
ibmdb2
10.5.0.0 ≤
𝑥
≤ 10.5.0.11
ibmdb2
10.5.0.0 ≤
𝑥
≤ 10.5.0.11
ibmdb2
11.1.0 ≤
𝑥
≤ 11.1.4.7
ibmdb2
11.1.0 ≤
𝑥
≤ 11.1.4.7
ibmdb2
11.1.0 ≤
𝑥
≤ 11.1.4.7
ibmdb2
11.5.0 ≤
𝑥
≤ 11.5.9
ibmdb2
11.5.0 ≤
𝑥
≤ 11.5.9
ibmdb2
11.5.0 ≤
𝑥
≤ 11.5.9
ibmdb2
12.1.0 ≤
𝑥
≤ 12.1.3
ibmdb2
12.1.0 ≤
𝑥
≤ 12.1.3
ibmdb2
12.1.0 ≤
𝑥
≤ 12.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://www.ibm.com/support/pages/node/7250479