Description

The clpplus command in IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) exposes user credentials to the terminal, where they could be obtained by a third party with physical access to the system.

PUBLISHED Reserved 2025-04-15 | Published 2025-11-07 | Updated 2025-11-07 | Assigner ibm

MEDIUM: 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

Product status

Default status: unaffected

11.1.0 (semver): affected

11.5.0 (semver): affected

12.1.0 (semver): affected

References

www.ibm.com/support/pages/node/7250484 (vendor-advisory, patch)

cve.org (CVE-2025-36131)

nvd.nist.gov (CVE-2025-36131)
