Malicious code attacks on IBM Db2 and Tivoli Monitoring possible
Attackers can target IBM Db2 and Tivoli Monitoring. Security updates close several vulnerabilities.
IBM's database management system Db2 and the IT management software Tivoli Monitoring are vulnerable. In the worst case, malicious code can get onto systems.
Dangerous gaps
According to a security advisory, one vulnerability (CVE-2025-30065) is considered "critical". It carries the maximum CVSS score of 10 out of 10. The security problem lies in the parquet-avro module of Apache Parquet, which is part of Db2. Because the module processes untrusted data, attackers can use crafted Parquet files to exploit the vulnerability and ultimately execute malicious code.
The remaining Db2 vulnerabilities are classified as "medium". Attackers can use them to trigger denial-of-service (DoS) conditions or execute their own commands. The developers have closed the vulnerabilities in several special builds, which are linked in the security advisories listed below this article.
The vulnerability (CVE-2025-3357) in Tivoli Monitoring is considered "critical". Here, too, the execution of malicious code is possible. The IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0020 release protects against this.
- IBM Db2 is affected by a vulnerability in Apache Parquet (CVE-2025-30065).
- IBM Db2 is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-49350)
- IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions (CVE-2025-2518)
- IBM Db2 is vulnerable to a denial of service under certain conditions (CVE-2025-3050)
- IBM Tivoli Monitoring is affected by an insufficient validation of input data
(des)