CVE-2026-3856

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...

CVE-2026-3856 IBM Db2 Recovery Expert Missing Integrity Check

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...

Security Bulletin: CVE-2026-3856 found in IBM Db2 Recovery Expert for Linux, UNIX and Windows v5.5

Summary IBM Db2 Recovery Expert for Linux, UNIX and Windows could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission. Vulnerability Details ID: CVE-2026-3856 DESCRIPTION: IBM DB2 Recovery Expert for Linux, UNIX...

IBM DB2 Recovery Expert 安全漏洞

IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 5.5 IF 2 of IBM Db2 Recovery Expert contains a security vulnerability. This vulnerability stems from an insecure mechanism used to verify data integrity during transmission, which could allow attackers to modify or...

Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console

Summary traverse-7.17.3.tgz , sshd-core-1.7.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Class...

Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console

Summary sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION:...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

Denial of Service Vulnerability in IBM Db2

IBM Db2 is a set of relational database management system developed by the United States International Business Machines IBM Corporation, and its main operating environments are UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, as well as Windows server versions. A denial...

XML External Entity Injection Vulnerability in IBM Db2

IBM Db2 is the United States International Business Machines IBM company developed a set of relational database management system, it is the main operating environment for UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. An XML external entit...

Security Bulletin: A vulnerability in the body-parser package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the body-parser 2.2.0 package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5 and earlier. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

Summary There are multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows. All platforms are affected, and all previous versions may also be affected. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: In Eclipse OpenJ9 release versions prior to 0.44...

Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities

Summary IBM Security Verify Governance ISVG, now re-branded as IBM Verify Identity Governance IVIG, uses IBM Db2 database. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery due to Angular [CVE-2025-66412, CVE-2026-22610, CVE-2025-66035]

Summary The IBM Db2 Mirror for i GUI uses the Angular web framework. The version of Angular used by IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery as described in the vulnerability details section. IBM has addressed the vulnerabilities for IBM Db2 Mirror...

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

CVE-2025-27903

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

CVE-2025-27901

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

CVE-2025-14689

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

CVE-2025-33124

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...