IBM Db2 Password Expiration Vulnerability Allowing Account Access Regain After Lockout

Vulnerability

A vulnerability exists in IBM Db2 for Linux in versions 10.5.0 prior to 10.5.11, 11.1.0 prior to 11.1.4.7, 11.5.0 prior to 11.5.9, and 12.1.0 prior to 12.1.3. It could allow an authenticated user to regain access after an account lockout; the lockout in question is the one triggered when a password is used after its expiration date.

Impact

Exploitation of this vulnerability could lead to unauthorized access being granted to users after their accounts have been locked due to password expiration.

Remediation

Users can download special builds containing the interim fix for this vulnerability from IBM Fix Central. These builds are available for Db2 versions 10.5, 11.1, 11.5.9, and 12.1.2 or 12.1.3. Instructions for downloading these special builds are provided on the IBM Support page.
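The following is an added example, not code from IBM or from this advisory. It checks a Db2 version string against the affected ranges stated above and reports the first version outside each range, so an administrator can triage an inventory of Linux instances. It assumes the version string is obtained separately (for instance from the output of the `db2level` command on the host) and that it is a dotted numeric string; both the range table and the treatment of 10.5.11, 11.1.4.7, 11.5.9 and 12.1.3 as the first unaffected versions are taken directly from the advisory text.

```python
from typing import Dict, List, Optional, Tuple

# Affected ranges as stated in the advisory, as [first affected, first unaffected).
# The upper bound is the first version the advisory describes as not affected.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("10.5.0", "10.5.11"),
    ("11.1.0", "11.1.4.7"),
    ("11.5.0", "11.5.9"),
    ("12.1.0", "12.1.3"),
]

VERSION_WIDTH = 4  # Db2 versions have up to four numeric components (e.g. 11.1.4.7)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '11.5.8' or 'v11.5.8.0' into a zero-padded 4-tuple of ints.

    Padding with zeros makes '10.5.11' and '10.5.11.0' compare as equal,
    so a fixed version is never mistaken for an affected one because it is
    written with fewer components. Raises ValueError on non-numeric input.
    """
    cleaned = version.strip().lstrip("vV")
    parts = tuple(int(p) for p in cleaned.split("."))
    if not parts or len(parts) > VERSION_WIDTH:
        raise ValueError(f"unexpected Db2 version format: {version!r}")
    return parts + (0,) * (VERSION_WIDTH - len(parts))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first unaffected version for the range containing `version`,
    or None if the version is outside every affected range."""
    ver = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= ver < parse_version(first_fixed):
            return first_fixed
    return None


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    return fixed_version_for(version) is not None


def triage(inventory: Dict[str, str]) -> Dict[str, Dict[str, Optional[str]]]:
    """Assess a hostname -> Db2 version map (constructed by the caller).

    Each entry records whether the instance is affected and the first version
    the advisory lists as outside the affected range.
    """
    report: Dict[str, Dict[str, Optional[str]]] = {}
    for host, version in inventory.items():
        fixed = fixed_version_for(version)
        report[host] = {
            "version": version,
            "status": "affected" if fixed else "not affected",
            "first_unaffected": fixed,
        }
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "db2-prod-01": "11.5.8.0",
        "db2-prod-02": "11.5.9",
        "db2-legacy": "10.5.0.10",
        "db2-new": "v12.1.2",
    }
    for host, entry in triage(sample).items():
        print(f"{host}: {entry['version']} -> {entry['status']}"
              + (f" (first unaffected: {entry['first_unaffected']})"
                 if entry["first_unaffected"] else ""))
```

The zero-padding in `parse_version` is the detail worth keeping: without it, a tuple comparison would treat `10.5.11` as earlier than `10.5.11.0` and could mislabel a patched instance. Versions outside every range (older major releases, or builds at or beyond the first unaffected version) are reported as not affected by this advisory only; that says nothing about other issues in those builds.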

Added: Nov 7, 2025, 7:18 PM
Updated: Nov 7, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.