Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Local access with low-privilege Db2 authentication required; impact is purely confidential data exposure with no integrity or availability effect.
Primary rating from Vendor (us).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.
Analysis (AI)
IBM Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.4 expose sensitive information through internal monitoring and event tables to authenticated low-privilege local users, a consequence of CWE-538 where sensitive data is inserted into storage locations accessible beyond the intended trust boundary. The CVSS vector confirms local-only attack surface (AV:L) with low-privilege authentication (PR:L) and high confidentiality impact, making this most relevant to insider threat scenarios or post-compromise lateral movement in multi-tenant Db2 environments. No public exploit code exists and the vulnerability is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.
Technical Context (AI)
IBM Db2 is an enterprise-grade relational database management system (RDBMS) deployed broadly on Linux, UNIX, and Windows, including Db2 Connect Server configurations that broker connectivity between clients and mainframe or distributed databases. The affected component is Db2's internal monitoring and event infrastructure - specifically the monitoring (MON_) and event tables used for diagnostics, performance tracking, and database telemetry. CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory) identifies the root cause class: sensitive artifacts - potentially including SQL query text, connection parameters, authentication tokens, or configuration details - are written into these tables without adequate access controls, making them visible to authenticated users beyond the intended administrative trust boundary. The scope is limited to the vulnerable system (S:U), with no lateral propagation to adjacent systems implied by the CVSS vector.
Remediation (AI)
Consult the IBM support advisory at https://www.ibm.com/support/pages/node/7277417 for the official patch; an exact fixed version number was not included in the available intelligence and should be confirmed directly from IBM. A patch is available per the vendor advisory. As a compensating control pending patch application, use Db2 GRANT/REVOKE statements to restrict SELECT access on monitoring and event tables (MON_ table functions and event monitor tables) to holders of DBADM or SYSADM authority only, preventing low-privilege users from querying them. Review existing access using SYSCAT.TABAUTH to identify over-permissioned grantees. Note that restricting monitoring table access may break third-party monitoring tools or DBA scripts that depend on querying those tables under a service account - audit tool dependencies before applying access controls.
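The catalog review and privilege tightening described above, written out as an added example (this is not IBM's code and not part of the advisory). It assumes a connection holding DBADM or SECADM authority on the affected database and uses the catalog views SYSCAT.EVENTTABLES, SYSCAT.TABAUTH, SYSCAT.ROUTINES and SYSCAT.ROUTINEAUTH; the role, table, schema and user names marked as placeholders are invented. It goes one step beyond the text by distinguishing event monitor target tables (ordinary tables, governed by SELECT) from the MON_GET_* table functions (governed by EXECUTE), and by moving monitoring access onto a role so that a monitoring service account keeps working after PUBLIC loses access.

```sql
-- Added example (not from the advisory or from IBM): inventory and tighten
-- access to Db2 monitoring interfaces as a compensating control.
-- Assumptions: run from a connection with DBADM or SECADM authority on the
-- affected database; names marked <placeholder> are made up for illustration.

-- 1. Event monitor target tables are ordinary tables listed in
--    SYSCAT.EVENTTABLES. List every grantee that can SELECT from them;
--    GRANTEE 'PUBLIC' (GRANTEETYPE 'G') means every authenticated user.
SELECT e.evmonname, e.tabschema, e.tabname,
       a.grantee, a.granteetype, a.selectauth
  FROM syscat.eventtables e
  JOIN syscat.tabauth a
    ON a.tabschema = e.tabschema
   AND a.tabname   = e.tabname
 WHERE a.selectauth IN ('Y', 'G')
 ORDER BY e.evmonname, e.tabname, a.grantee;

-- 2. MON_GET_* are table functions in SYSPROC, so the privilege that matters
--    is EXECUTE (recorded in SYSCAT.ROUTINEAUTH), not SELECT. Find who holds it.
SELECT r.routinename, ra.grantee, ra.granteetype, ra.executeauth
  FROM syscat.routines r
  JOIN syscat.routineauth ra
    ON ra.schema       = r.routineschema
   AND ra.specificname = r.specificname
 WHERE r.routineschema = 'SYSPROC'
   AND r.routinename LIKE 'MON\_GET\_%' ESCAPE '\'
   AND ra.executeauth IN ('Y', 'G')
 ORDER BY r.routinename, ra.grantee;

-- 3. Before withdrawing anything, give the monitoring service account a
--    dedicated role so DBA scripts and third-party tools keep working.
CREATE ROLE mon_readers;                                -- <placeholder> role name

GRANT SELECT ON TABLE db2inst1.connheader_myevmon       -- <placeholder> event monitor table
   TO ROLE mon_readers;
GRANT EXECUTE ON FUNCTION sysproc.mon_get_connection    -- one MON_GET_* function; repeat per function
   TO ROLE mon_readers;
GRANT ROLE mon_readers TO USER monsvc;                  -- <placeholder> monitoring service account

-- 4. Now withdraw the broad grants. Db2 requires the RESTRICT keyword when
--    revoking routine privileges.
REVOKE SELECT ON TABLE db2inst1.connheader_myevmon FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION sysproc.mon_get_connection FROM PUBLIC RESTRICT;

-- 5. Re-run the two catalog queries from steps 1 and 2: PUBLIC should no
--    longer appear, and the remaining grantees should be DBADM/SYSADM holders
--    and the mon_readers role.
```

Run the two SELECT statements first and keep their output; the same queries serve as the verification step after the REVOKEs, and as the evidence that no low-privilege user retains direct access until the IBM fix is installed.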
Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary co
Db2 contains a vulnerability that allows a local user with filesystem access to escalate their privileges d
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execu
Db2 versions up to 12.1.3 are affected by improper restriction of XML external entity reference (CVSS 7.1).
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific con
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or han
Db2 contains a vulnerability that allows an authenticated user to cause a denial of service due to improper
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could
Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of specia
Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of specia
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by exe
EUVD-2025-210373
GHSA-849g-4qqp-r4r8