CVE-2026-3856

Published: Mar 17, 2026Modified: Mar 19, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.

Affected (3)

Products: Ibm: Db2 Recovery Expert

Ibm

1 product

Db2 Recovery Expert

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2 Recovery Expert	Version 5.5.0 interim_fix_002
Ibm Db2 Recovery Expert	Version 5.5.0 interim_fix_002
Ibm Db2 Recovery Expert	Version 5.5.0 interim_fix_002

Related CWEs

CWE-353

Missing Support for Integrity Check

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References (1)

https://www.ibm.com/support/pages/node/7266272

Source: psirt@us.ibm.com

PatchVendor Advisory

Timeline

No history available yet.