6.5
CVE-2025-27904
- EPSS 0.02%
- Veröffentlicht 17.02.2026 19:30:28
- Zuletzt bearbeitet 26.02.2026 18:14:50
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Db2 Recovery Expert Version5.5.0 Updateinterim_fix_002 SwPlatformlinux
Ibm ≫ Db2 Recovery Expert Version5.5.0 Updateinterim_fix_002 SwPlatformunix
Ibm ≫ Db2 Recovery Expert Version5.5.0 Updateinterim_fix_002 SwPlatformwindows
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.037 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.