Release Notes
Abstract
This document lists the updates that have been done and are available for IBM Guardium Database Protection Service (DPS). Rapid Response DPS supports the maintenance of common vulnerabilities and exposures (CVE). Uploads are used to keep information current and within industry best practices to protect against newly discovered vulnerabilities. Distribution of updates is done whenever a CVE is published with a score of 7.0 or greater.
Content
This Rapid Response DPS depends on the Quarterly DPS 2025 Q2 (see release note).
Rapid Response DPS is available only to customers with IBM Guardium Data Protection versions 12.x and 11.x. Rapid Response DPS is cumulative, just like the Quarterly DPS. To stay current, you must upload the latest Quarterly DPS and the latest Rapid Response DPS.
To have the DPS process automatically update your security assessments with future CVE or authorized program analysis report (APAR) tests, modify your security assessment and check the box after "Automatically add all future CVE or APAR tests after DPS uploaded".
Note: If you plan to apply any patch, ad hoc, upgrade, or bundle after you apply a Rapid Response DPS, you must apply the latest Rapid Response DPS file since the last Quarterly DPS, up until the next Quarterly DPS (which is cumulative and will contain all previous Rapid Response DPS data).
DPS files
| Version | Filename and MD5SUM |
|---|---|
| 12.x |
Filename: Guardium_V12_Rapid_Response_DPS_For_2025_Q2_20250618.enc
MD5SUM: 78086c41cc91df89d16fe1d3198da088
|
| 11.x |
Filename: Guardium_V11_Rapid_Response_DPS_For_2025_Q2_20250618.enc
MD5SUM: 5b62d80c4b61fc680275aca3b1ef9865 |
New tests for 18 June 2025 Rapid Response DPS
| Version | Test name | Test ID | Description | Database type |
|---|---|---|---|---|
| 12.x, 11.x |
CVE-2025-30065
|
9838
|
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.
|
CLOUDERA MANAGER
|
| 12.x, 11.x |
CVE-2025-46619
|
9839
|
A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in 7.6.4 and 7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.
|
COUCHBASE
|
| 12.x, 11.x | CVE-2024-49350 | 9840 | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | DB2 |
| 12.x, 11.x | CVE-2025-2518 | 9841 | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9, and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | DB2 |
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000cvkbAAA","label":"DPS"},{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
18 June 2025
UID
ibm17236753