IBM Db2 information disclosure_CVE-2025-36131

4.6 / 10

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.

Basic Information

ID CVE-2025-36131

Source ibm

Published Nov 7, 2025 at 18:53

Modified Nov 7, 2025 at 19:06

Affected Product

Vendor IBM

Product Db2

Version 11.1.0

Affected Versions IBM Db2 11.1.0
IBM Db2 11.5.0
IBM Db2 12.1.0

CWE Classification

CWE-359

References

www.ibm.com /support/pages/node/7250484

{
    "lastseen": "",
    "description": "IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.",
    "published": "2025-11-07T18:53:45.472Z",
    "modified": "2025-11-07T19:06:54.110Z",
    "type": "cve",
    "title": "IBM Db2 information disclosure",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7250484",
    "id": "CVE-2025-36131",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "IBM Db2 11.1.0\nIBM Db2 11.5.0\nIBM Db2 12.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Db2",
    "version": "11.1.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}