208 matches found
CVE-2025-27898
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-13108
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...
CVE-2025-27898
CVE-2025-27898 is supported by connected documentation: IBM Db2 Recovery Expert for Linux, UNIX and Windows (DB2 Recovery Expert LUW) versions affected include 5.5 with IF 2. The bulletin states the vulnerability arises from the product not invalidating a session after a timeout, which could allo...
CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-27899
CVE-2025-27899 is an IBM Db2 Recovery Expert for Linux, UNIX and Windows vulnerability where sensitive information is disclosed in an environment variable. The IBM security bulletin in connected documents confirms the affected product as DB2 Recovery Expert for LUW and states the issue arises fro...
CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27900
CVE-2025-27900 is tied to IBM Db2 Recovery Expert for Linux, UNIX and Windows. The connected IBM security bulletin describes a remote open-redirect vulnerability in Db2 Recovery Expert, enabling an attacker to craft a URL that could spoof the user’s experience and facilitate further attacks (e.g....
CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27901
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
CVE-2025-27901 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
CVE-2025-27901
IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection (improper validation of HOST headers). Exploitation could enable cross-site scripting, cache poisoning, or session hijacking. Affected product/version: DB2 Recovery Expert for LUW 5.5 IF 2. Remediation: upg...
CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-27904
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-33130
IBM Db2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 is affected by CVE-2025-33130 due to a buffer being overwritten on the stack, allowing an authenticated user to crash the program. The root cause is a stack-allocated buffer overwrite, leading to a possible denial of service without remote...
CVE-2025-33130 Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...
CVE-2025-33124 Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...