CVE-2025-14687
Client-Side Security Bypass in IBM Db2 Intelligence Center
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: IBM Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2_intelligence_center | 1.1.1 |
| ibm | db2_intelligence_center | 1.1.2 |
| ibm | db2_intelligence_center | 1.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Db2 Intelligence Center versions 1.1.0, 1.1.1, and 1.1.2 allows an authenticated user to perform unauthorized actions because security mechanisms that should be enforced on the server side are instead enforced on the client side, which can be bypassed.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized actions by authenticated users, potentially compromising the integrity of the system or data, as users might bypass intended security controls.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade IBM Db2 Intelligence Center to version 1.1.3, where the issue is addressed. [1]