Skip to main content

Db2 Recovery Expert

10 CVEs product

Monthly

CVE-2026-3856 MEDIUM PATCH This Month

CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Microsoft IBM Information Disclosure Db2 Recovery Expert Windows
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-27904 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

IBM Linux Windows CSRF Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27903 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows Db2 Recovery Expert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-27901 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows XSS Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27900 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.8).

IBM Open Redirect Db2 Recovery Expert
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-27899 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-27898 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2013-4025 LOW Monitor

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation IBM Data Studio Web Console Db2 Recovery Expert Infosphere Optim Configuration Manager +1
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4024 MEDIUM This Month

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Data Studio Web Console Db2 Recovery Expert Infosphere Optim Configuration Manager +1
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4022 LOW Monitor

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Data Studio Web Console Db2 Recovery Expert Infosphere Optim Configuration Manager +1
NVD
CVSS 2.0
3.5
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Microsoft IBM Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.8).

IBM Open Redirect Db2 Recovery Expert
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
EPSS 0% CVSS 1.9
LOW Monitor

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation IBM Data Studio Web Console +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Data Studio Web Console +3
NVD
EPSS 0% CVSS 3.5
LOW Monitor

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Data Studio Web Console +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy