IBM Db2
cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*
- >= 11.5.0, <= 11.5.9
- >= 12.1.0, <= 12.1.4
A vulnerability exists in IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 for Linux, UNIX, and Windows, including Db2 Connect Server. Db2 writes potentially sensitive information to its logs, where a local user could access it. The vulnerability is categorized under CWE-532: Insertion of Sensitive Information into Log File.
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, such as credentials, stored in log files.
Users can download a special build containing the interim fix for this vulnerability from Fix Central. For Db2 version 11.5, use special build #81937 or later. For Db2 version 12.1, use special build #83501 or later. Instructions for downloading these builds are available on the IBM Support website.