HIGH🇬🇧 English

CVE-2025-36247

CVSS 7.1v3.1pub. 2026-02-17upd. 2026-02-18

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  • IBM Db2

    APP
    Ibm
    11.5.0 – 11.5.912.1.0 – 12.1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2026-10109CRITICAL9.8ten sam produkt

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to imprope...

CVE-2026-1718HIGH7.1ten sam produkt

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially...

CVE-2025-36184HIGH7.2ten sam produkt

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owne...

CVE-2025-36384HIGH8.4ten sam produkt

IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privile...

CVE-2025-36186HIGH7.4ten sam produkt

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configu...