
Multiple IBM Db2 Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-47118 CVSS:6.5

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVE-2025-2534 CVSS:5.3

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVE-2025-33012 CVSS:6.3

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

CVE-2025-36186 CVSS:7.4

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalates their privileges to root, due to execution with unnecessary privileges operating at a higher than minimum level.

CVE-2025-36185 CVSS:6.2

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Impact

  • Denial of Service
  • Gain Access
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-47118
  • CVE-2025-2534
  • CVE-2025-33012
  • CVE-2025-36186
  • CVE-2025-36185

Affected Vendors

  • IBM

Affected Products

  • IBM Db2 10.5.0
  • IBM Db2 11.1.0
  • IBM Db2 11.1.4.7
  • IBM Db2 11.5.0
  • IBM Db2 11.5.9
  • IBM Db2 12.1.0
  • IBM Db2 10.5.11
  • IBM Db2 12.1.3
  • IBM Db2 12.1.2

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

  • CVE-2024-47118
  • CVE-2025-2534
  • CVE-2025-33012
  • CVE-2025-36186
  • CVE-2025-36185
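
To triage an inventory against the version ranges in the Analysis Summary, the following added example (not part of the advisory and not IBM code) maps an installed Db2 version and platform to the CVEs whose stated ranges include it. The `db2level` sample line is constructed, and treating a three-part upper bound such as 12.1.3 as covering every build of that release is a conservative assumption.

```python
import re

ALL = {"linux", "unix", "windows"}
R105, R111 = ("10.5.0", "10.5.11"), ("11.1.0", "11.1.4.7")
R115, R121 = ("11.5.0", "11.5.9"), ("12.1.0", "12.1.3")

# CVE -> (platforms, inclusive version ranges), transcribed from the advisory text.
AFFECTED = {
    "CVE-2024-47118": (ALL, [R105, R111, R115, R121]),
    "CVE-2025-2534": (ALL, [R111, R115, R121]),
    "CVE-2025-33012": ({"linux"}, [R105, R111, R115, R121]),
    "CVE-2025-36186": (ALL, [R121]),
    "CVE-2025-36185": (ALL, [("12.1.0", "12.1.2")]),
}

def parse(version):
    """'11.1.4.7' -> (11, 1, 4, 7)"""
    return tuple(int(part) for part in version.split("."))

def in_range(installed, low, high):
    inst, lo, hi = parse(installed), parse(low), parse(high)
    inst += (0,) * (4 - len(inst))   # pad to four components
    lo += (0,) * (4 - len(lo))
    # Assumption: an upper bound with fewer components covers every build
    # sharing that prefix, so the check over-reports rather than under-reports.
    return inst >= lo and inst[:len(hi)] <= hi

def version_from_db2level(text):
    """Extract the version token from db2level output, or None if absent."""
    match = re.search(r'"DB2 v(\d+(?:\.\d+){1,3})"', text)
    return match.group(1) if match else None

def applicable_cves(installed, platform):
    """CVEs from this advisory whose stated ranges include the installed version."""
    return sorted(
        cve for cve, (platforms, ranges) in AFFECTED.items()
        if platform in platforms
        and any(in_range(installed, lo, hi) for lo, hi in ranges)
    )

# Constructed sample of a db2level line; the build tokens are placeholders.
SAMPLE = ('Informational tokens are "DB2 v12.1.2.0", "s0000000000", '
          '"DYN0000000000AMD64", and Fix Pack "0".')

if __name__ == "__main__":
    version = version_from_db2level(SAMPLE)
    print(version, applicable_cves(version, "linux"))
```

A match means the version falls inside a range stated above; whether a given installation is already fixed still has to be confirmed against the IBM Security Advisory for that CVE.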