CVE-2025-33012
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Db2 | 10.5.0 <= 10.5.11 | affected |
| IBM | Db2 | 11.1.0 <= 11.1.4.7 | affected |
| IBM | Db2 | 11.5.0 <= 11.5.9 | affected |
| IBM | Db2 | 12.1.0 <= 12.1.3 | affected |
Weaknesses
- CWE-324: CWE-324 Use of a Key Past its Expiration Date
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.