cvelistv5 - cve-2024-45675

CVE-2024-45675 (GCVE-0-2024-45675)

Vulnerability from cvelistv5 – Published: 2025-12-02 02:00 – Updated: 2025-12-03 04:55

Summary

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-309 - Use of Password System for Primary Authentication

Assigner

ibm

References

URL

Tags

https://www.ibm.com/support/pages/node/7252704

vendor-advisorypatch

Impacted products

	Vendor	Product	Version
	IBM	Informix Dynamic Server	Affected: 14.10 cpe:2.3:a:ibm:informix_dynamic_server:14.10:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T04:55:38.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
          ],
          "product": "Informix Dynamic Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "14.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.\u003c/p\u003e"
            }
          ],
          "value": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-309",
              "description": "CWE-309 Use of Password System for Primary Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T02:00:26.554Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7252704"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation.\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation."
        }
      ],
      "title": "IBM Informix Dynamic Server Authentication Bypass",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-45675",
    "datePublished": "2025-12-02T02:00:26.554Z",
    "dateReserved": "2024-09-03T13:50:43.964Z",
    "dateUpdated": "2025-12-03T04:55:38.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45675\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-12-02T03:16:14.587\",\"lastModified\":\"2025-12-03T17:26:23.860\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-309\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"14.10\",\"matchCriteriaId\":\"720F935C-B26C-4789-AC64-54A7B955FD14\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7252704\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T16:51:39.999882Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T16:51:41.162Z\"}}], \"cna\": {\"title\": \"IBM Informix Dynamic Server Authentication Bypass\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Informix Dynamic Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.10\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Remediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eRemediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7252704\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-309\", \"description\": \"CWE-309 Use of Password System for Primary Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-12-02T02:00:26.554Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T04:55:38.968Z\", \"dateReserved\": \"2024-09-03T13:50:43.964Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-12-02T02:00:26.554Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2024-45675

Vulnerability from fkie_nvd - Published: 2025-12-02 03:16 - Updated: 2025-12-03 17:26

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.

References

	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7252704	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	informix_dynamic_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "720F935C-B26C-4789-AC64-54A7B955FD14",
              "versionEndExcluding": "14.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password."
    }
  ],
  "id": "CVE-2024-45675",
  "lastModified": "2025-12-03T17:26:23.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-12-02T03:16:14.587",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7252704"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-309"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

GHSA-4P8F-FWRJ-RJHQ

Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 03:31

Details

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.

Severity ?

8.4 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-45675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-309"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T03:16:14Z",
    "severity": "HIGH"
  },
  "details": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.",
  "id": "GHSA-4p8f-fwrj-rjhq",
  "modified": "2025-12-02T03:31:44Z",
  "published": "2025-12-02T03:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45675"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7252704"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-1051

Vulnerability from certfr_avis - Published: 2025-11-28 - Updated: 2025-11-28

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling File Gateway	Sterling File Gateway versions antérieures à 6.2.1.1_1
IBM	Db2	Db2 versions V11.5.x sans le correctif APAR DT433150
IBM	Spectrum	Spectrum Control versions antérieures à 5.4.13.2
IBM	Db2	Db2 versions V11.1.x sans le correctif APAR DT433150
IBM	Db2	Db2 versions V12.1.3 sans le correctif APAR DT433150
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.21
IBM	WebSphere Service Registry and Repository	WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité
IBM	Sterling B2B Integrator	Sterling B2B Integrator versions antérieures à 6.2.1.1_1
IBM	QRadar Deployment Intelligence App	QRadar Deployment Intelligence App versions antérieures à 3.0.19
IBM	Informix Dynamic Server	Informix Dynamic Server versions 14.10 antérieures à 14.10.xC11W1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7252704	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7252903	2025-11-27	vendor-advisory
Bulletin de sécurité IBM 7252597	2025-11-28	vendor-advisory
Bulletin de sécurité IBM 7252211	2025-11-21	vendor-advisory
Bulletin de sécurité IBM 7252908	2025-11-27	vendor-advisory
Bulletin de sécurité IBM 7250474	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7252718	2025-11-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling File Gateway versions ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling File Gateway",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V11.5.x sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.13.2",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V11.1.x sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V12.1.3 sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.21",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere Service Registry and Repository",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.19",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Informix Dynamic Server versions 14.10 ant\u00e9rieures \u00e0 14.10.xC11W1",
      "product": {
        "name": "Informix Dynamic Server",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-58369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58369"
    },
    {
      "name": "CVE-2025-47279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2018-25031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-54121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54121"
    },
    {
      "name": "CVE-2024-45675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45675"
    },
    {
      "name": "CVE-2025-59822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59822"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2025-23184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    }
  ],
  "initial_release_date": "2025-11-28T00:00:00",
  "last_revision_date": "2025-11-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1051",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252704",
      "url": "https://www.ibm.com/support/pages/node/7252704"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252903",
      "url": "https://www.ibm.com/support/pages/node/7252903"
    },
    {
      "published_at": "2025-11-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252597",
      "url": "https://www.ibm.com/support/pages/node/7252597"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252211",
      "url": "https://www.ibm.com/support/pages/node/7252211"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252908",
      "url": "https://www.ibm.com/support/pages/node/7252908"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
      "url": "https://www.ibm.com/support/pages/node/7250474"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252718",
      "url": "https://www.ibm.com/support/pages/node/7252718"
    }
  ]
}

CERTFR-2025-AVI-1051

Vulnerability from certfr_avis - Published: 2025-11-28 - Updated: 2025-11-28

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling File Gateway	Sterling File Gateway versions antérieures à 6.2.1.1_1
IBM	Db2	Db2 versions V11.5.x sans le correctif APAR DT433150
IBM	Spectrum	Spectrum Control versions antérieures à 5.4.13.2
IBM	Db2	Db2 versions V11.1.x sans le correctif APAR DT433150
IBM	Db2	Db2 versions V12.1.3 sans le correctif APAR DT433150
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.21
IBM	WebSphere Service Registry and Repository	WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité
IBM	Sterling B2B Integrator	Sterling B2B Integrator versions antérieures à 6.2.1.1_1
IBM	QRadar Deployment Intelligence App	QRadar Deployment Intelligence App versions antérieures à 3.0.19
IBM	Informix Dynamic Server	Informix Dynamic Server versions 14.10 antérieures à 14.10.xC11W1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7252704	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7252903	2025-11-27	vendor-advisory
Bulletin de sécurité IBM 7252597	2025-11-28	vendor-advisory
Bulletin de sécurité IBM 7252211	2025-11-21	vendor-advisory
Bulletin de sécurité IBM 7252908	2025-11-27	vendor-advisory
Bulletin de sécurité IBM 7250474	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7252718	2025-11-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling File Gateway versions ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling File Gateway",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V11.5.x sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.13.2",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V11.1.x sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V12.1.3 sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.21",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere Service Registry and Repository",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.19",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Informix Dynamic Server versions 14.10 ant\u00e9rieures \u00e0 14.10.xC11W1",
      "product": {
        "name": "Informix Dynamic Server",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-58369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58369"
    },
    {
      "name": "CVE-2025-47279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2018-25031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-54121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54121"
    },
    {
      "name": "CVE-2024-45675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45675"
    },
    {
      "name": "CVE-2025-59822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59822"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2025-23184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    }
  ],
  "initial_release_date": "2025-11-28T00:00:00",
  "last_revision_date": "2025-11-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1051",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252704",
      "url": "https://www.ibm.com/support/pages/node/7252704"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252903",
      "url": "https://www.ibm.com/support/pages/node/7252903"
    },
    {
      "published_at": "2025-11-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252597",
      "url": "https://www.ibm.com/support/pages/node/7252597"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252211",
      "url": "https://www.ibm.com/support/pages/node/7252211"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252908",
      "url": "https://www.ibm.com/support/pages/node/7252908"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
      "url": "https://www.ibm.com/support/pages/node/7250474"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252718",
      "url": "https://www.ibm.com/support/pages/node/7252718"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-45675 (GCVE-0-2024-45675)

FKIE_CVE-2024-45675

GHSA-4P8F-FWRJ-RJHQ

CERTFR-2025-AVI-1051

Solutions

CERTFR-2025-AVI-1051

Solutions

Tags

Sightings

Nomenclature