Ibm

Db2 Recovery Expert

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2026-3856

  • EPSS 0%
  • Veröffentlicht 17.03.2026 22:20:14
  • Zuletzt bearbeitet 19.03.2026 14:20:39

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.

5.3

CVE-2025-27899

  • EPSS 0.04%
  • Veröffentlicht 17.02.2026 20:22:02
  • Zuletzt bearbeitet 26.02.2026 16:33:06

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.

6.1

CVE-2025-27900

  • EPSS 0.03%
  • Veröffentlicht 17.02.2026 20:22:02
  • Zuletzt bearbeitet 26.02.2026 18:04:54

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerabi...

6.3

CVE-2025-27898

  • EPSS 0.05%
  • Veröffentlicht 17.02.2026 20:22:01
  • Zuletzt bearbeitet 26.02.2026 16:33:33

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.

6.5

CVE-2025-27901

  • EPSS 0.05%
  • Veröffentlicht 17.02.2026 19:35:41
  • Zuletzt bearbeitet 25.02.2026 19:02:23

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct vario...

5.9

CVE-2025-27903

  • EPSS 0.02%
  • Veröffentlicht 17.02.2026 19:32:05
  • Zuletzt bearbeitet 26.02.2026 18:14:21

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle technique...

6.5

CVE-2025-27904

  • EPSS 0.02%
  • Veröffentlicht 17.02.2026 19:30:28
  • Zuletzt bearbeitet 26.02.2026 18:14:50

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user th...

3.5

CVE-2013-4022

  • EPSS 0.14%
  • Veröffentlicht 25.09.2013 10:31:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote aut...

4.3

CVE-2013-4024

  • EPSS 0.21%
  • Veröffentlicht 25.09.2013 10:31:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read ses...

1.9

CVE-2013-4025

  • EPSS 0.08%
  • Veröffentlicht 25.09.2013 10:31:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which mak...