cve-2025-1493
Vulnerability from cvelistv5
Published
2025-05-05 20:57
Modified
2025-05-06 02:53
Severity ?
EPSS score ?
Summary
IBM Db2 denial of service
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T02:53:03.414612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T02:53:12.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:12.1.1:*:*:*:*:zos:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.1.1",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \n\n\n\n\n\ncould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T20:57:52.656Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232518"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers running any vulnerable fixpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V12.1. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability."
}
],
"value": "Customers running any vulnerable fixpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V12.1. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1493",
"datePublished": "2025-05-05T20:57:52.656Z",
"dateReserved": "2025-02-20T02:17:48.808Z",
"dateUpdated": "2025-05-06T02:53:12.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-1493\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-05-05T21:15:47.263\",\"lastModified\":\"2025-05-07T14:13:35.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 \\n\\n\\n\\n\\n\\ncould allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.\"},{\"lang\":\"es\",\"value\":\"IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 12.1.0 a 12.1.1 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio debido a la ejecuci\u00f3n simult\u00e1nea de recursos compartidos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7232518\",\"source\":\"psirt@us.ibm.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.