Db2 Recovery Expert

7 CVEs product

CVE-2026-3856 MEDIUM PATCH This Month

CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Microsoft IBM Information Disclosure Db2 Recovery Expert Windows
NVD VulDB
CVSS 3.1: 5.3 | EPSS: 0.0%

CVE-2025-27904 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by cross-site request forgery (CSRF) (CVSS 6.5).

IBM Linux Windows CSRF Db2 Recovery Expert
NVD
CVSS 3.1: 6.5 | EPSS: 0.0%

CVE-2025-27903 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows Db2 Recovery Expert
NVD
CVSS 3.1: 5.9 | EPSS: 0.0%

CVE-2025-27901 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows XSS Db2 Recovery Expert
NVD
CVSS 3.1: 6.5 | EPSS: 0.0%

CVE-2025-27900 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.8).

IBM Open Redirect Db2 Recovery Expert
NVD
CVSS 3.1: 6.8 | EPSS: 0.0%

CVE-2025-27899 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1: 5.3 | EPSS: 0.0%

CVE-2025-27898 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate the session after a timeout, which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1: 6.3 | EPSS: 0.0%