IBM Db2 Recovery Expert For Luw
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Db2 Recovery Expert For Luw.
By the Year
In 2026 there have been 6 vulnerabilities in IBM Db2 Recovery Expert For Luw with an average score of 6.2 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 6.22 |
It may take a day or so for new Db2 Recovery Expert For Luw vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Db2 Recovery Expert For Luw Security Vulnerabilities
DB2 Recovery Expert 5.5 Session Timeout Vulnerability (CVE-2025-27898)
CVE-2025-27898
6.3 - Medium
- February 17, 2026
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
Env var info leakage in IBM DB2 Recovery Expert 5.5 (Interim Fix 002)
CVE-2025-27899
5.3 - Medium
- February 17, 2026
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.
Exposure of Sensitive Information Through Environmental Variables
IBM DB2 Recovery Expert for LUW 5.5 Open Redirect (before 5.5 Interim Fix 002)
CVE-2025-27900
6.8 - Medium
- February 17, 2026
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Open Redirect
IBM DB2 Recovery Expert 5.5 HTTP Header Injection Vulnerability
CVE-2025-27901
6.5 - Medium
- February 17, 2026
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Improper Neutralization of HTTP Headers for Scripting Syntax
IBM DB2 Recovery Expert 5.5 Cleartext Transmission allows MitM attacks
CVE-2025-27903
5.9 - Medium
- February 17, 2026
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.
Cleartext Transmission of Sensitive Information
IBM Db2 Recovery Expert 5.5 XSRF via Web UI
CVE-2025-27904
6.5 - Medium
- February 17, 2026
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Db2 Recovery Expert For Luw or by IBM? Click the Watch button to subscribe.
