Ibm Db2 Recovery Expert For Luw vulnerabilities
6 known vulnerabilities affecting ibm/db2_recovery_expert_for_luw.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2025-27900MEDIUMCVSS 6.1v5.5 Interim Fix 0022026-02-17
CVE-2025-27900 [MEDIUM] CWE-601 CVE-2025-27900: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishin
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be tr
cvelistv5nvd
CVE-2025-27903MEDIUMCVSS 5.9v5.5 Interim Fix 0022026-02-17
CVE-2025-27903 [MEDIUM] CWE-319 CVE-2025-27903: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.
cvelistv5nvd
CVE-2025-27899MEDIUMCVSS 5.3v5.5 Interim Fix 0022026-02-17
CVE-2025-27899 [MEDIUM] CWE-526 CVE-2025-27899: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environmen
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.
cvelistv5nvd
CVE-2025-27898MEDIUMCVSS 6.3v5.5 Interim Fix 0022026-02-17
CVE-2025-27898 [MEDIUM] CWE-613 CVE-2025-27898: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout whic
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.
cvelistv5nvd
CVE-2025-27904MEDIUMCVSS 6.5v5.5 Interim Fix 0022026-02-17
CVE-2025-27904 [MEDIUM] CWE-352 CVE-2025-27904: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
cvelistv5nvd
CVE-2025-27901MEDIUMCVSS 6.5v5.5 Interim Fix 0022026-02-17
CVE-2025-27901 [MEDIUM] CWE-644 CVE-2025-27901: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session h
cvelistv5nvd