CVE-2025-36372

MEDIUM

IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables

Title source: cna
STIX 2.1

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7277417

Scores

CVSS v3 5.5
EPSS 0.0030
EPSS Percentile 22.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-538
Status published
Products (3)
IBM/Db2 11.5.0 - 11.5.9
ibm/db2 11.5.0 - 11.5.9
IBM/Db2 12.1.0 - 12.1.4
Published Jun 30, 2026
Tracked Since Jul 01, 2026