CVE-2025-27898

Severity
6.3 MEDIUM
EPSS
0.0%
top 86.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 17

Description

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate the session after a timeout, which could allow an authenticated user to impersonate another user on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5: ibm/db2_recovery_expert_for_luw 5.5 Interim Fix 002

Patches

Vulnerability Details (2)
GHSA
GHSA-5xwj-82gw-46fv: IBM DB2 Recovery Expert for LUW 5 (2026-02-17)
CVEList
Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows (2026-02-17)
CVE-2025-27898 (MEDIUM CVSS 6.3) | IBM DB2 Recovery Expert for LUW 5.5 | cvebase.io