Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
IBM DB2 Merge Backup Memory Exposure on Linux, UNIX, and Windows
CVE-2025-13108
Summary
IBM DB2 Merge Backup on certain systems may store sensitive data in memory, allowing unauthorized access. This could potentially lead to data breaches if an attacker gains access to the system's memory. To mitigate this risk, IBM recommends users update to the latest version of DB2 Merge Backup.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2_merge_backup | 12.1.0.0 | – |
| ibm | db2_merge_backup | 12.1.0.0 | – |
| ibm | db2_merge_backup | 12.1.0.0 | – |
Original title
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
Original description
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
nvd CVSS3.1
7.5
Vulnerability type
CWE-226
- https://www.ibm.com/support/pages/node/7260043 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026