IBM’s database management system Db2 and the IT management software Tivoli Monitoring are vulnerable. In the worst case, malicious code can get onto systems.
Dangerous gaps
According to a security advisory, one vulnerability (CVE-2025-30065) is rated “critical”. It has the maximum CVSS score of 10 out of 10. The flaw is in the parquet-avro module of Apache Parquet, which is part of Db2. Because the module processes untrusted data, attackers can use crafted Parquet files to exploit the vulnerability and ultimately execute malicious code.
The remaining Db2 vulnerabilities are classified as “medium”. Through them, attackers can trigger denial-of-service (DoS) conditions or execute their own commands. The developers have closed the vulnerabilities in several special builds, which are linked in the advisories listed below this article.
The vulnerability (CVE-2025-3357) in Tivoli Monitoring is considered “critical”. Here, too, the execution of malicious code is possible. IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0020 is protected against it.
(des)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.