← Back

Db2 Recovery Expert

db2_recovery_expert

Vendor: Ibm • 10 CVEs

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-3856
1Ibm
1Db2 Recovery Expert
Mar 19, 2026
Mar 17, 2026
N/A· v4
9.1 CRITICAL· v3
N/A· v2
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.
CVE-2025-27904
1Ibm
1Db2 Recovery Expert
Feb 26, 2026
Feb 17, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized acti...Show more
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.Show less
CVE-2025-27903
1Ibm
1Db2 Recovery Expert
Feb 26, 2026
Feb 17, 2026
N/A· v4
5.9 MEDIUM· v3
N/A· v2
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information usi...Show more
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.Show less
CVE-2025-27901
1Ibm
1Db2 Recovery Expert
Feb 25, 2026
Feb 17, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allo...Show more
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.Show less
CVE-2025-27900
1Ibm
1Db2 Recovery Expert
Feb 26, 2026
Feb 17, 2026
N/A· v4
6.1 MEDIUM· v3
N/A· v2
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacke...Show more
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.Show less
CVE-2025-27899
1Ibm
1Db2 Recovery Expert
Feb 26, 2026
Feb 17, 2026
N/A· v4
5.3 MEDIUM· v3
N/A· v2
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.
CVE-2025-27898
1Ibm
1Db2 Recovery Expert
Feb 26, 2026
Feb 17, 2026
N/A· v4
6.3 MEDIUM· v3
N/A· v2
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.
CVE-2013-4025
1Ibm
4Data Studio Web Console
Db2 Recovery ExpertInfosphere Optim Configuration Manager+1 more
Apr 29, 2026
Sep 25, 2013
N/A· v4
N/A· v3
1.9 LOW· v2
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the l...Show more
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.Show less
CVE-2013-4024
1Ibm
4Data Studio Web Console
Db2 Recovery ExpertInfosphere Optim Configuration Manager+1 more
Apr 29, 2026
Sep 25, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allow...Show more
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network.Show less
CVE-2013-4022
1Ibm
4Data Studio Web Console
Db2 Recovery ExpertInfosphere Optim Configuration Manager+1 more
Apr 29, 2026
Sep 25, 2013
N/A· v4
N/A· v3
3.5 LOW· v2
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a c...Show more
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.Show less