10 matches found
CVE-2013-4024
CVE-2013-4024 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The issue arises from the Web Console serving over HTTP, allowing remote attackers to read sessio...
CVE-2013-4025
CVE-2013-4025 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The root cause is lack of an off autocomplete attribute on the login-password field, enabling an ...
CVE-2013-4022
CVE-2013-4022 affects IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert. A flaw stores unspecified authentication information in cookies, enabling remote authenticated users to bypass access restrictions via unknown vectors...
CVE-2026-3856
Summary : CVE-2026-3856 affects IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2. The issue stems from an insecure mechanism used to verify data integrity during transmission, which could allow an attacker to modify or corrupt data. Affected product and version : IBM Db2 Recovery Expe...
CVE-2025-27899
CVE-2025-27899 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Connected sources confirm that sensitive information is disclosed via an environment variable, which could aid in subsequent attacks. The NVD/IBM metadata lists CVSSv3.1 metrics (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) with ...
CVE-2025-27898
CVE-2025-27898 affects IBM DB2 Recovery Expert for LUW, version 5.5 Interim Fix 002. The issue is that sessions are not invalidated after a timeout, which could allow an authenticated user to impersonate another user on the system. Root cause is a lack of session invalidation after inactivity. Im...
CVE-2025-27900
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is affected by an open redirect vulnerability that could allow a remote attacker to perform phishing by spoofing the URL and redirecting users to a malicious site. Affected component: DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Underlying i...
CVE-2025-27903
CVE-2025-27903 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Affected component is the Recovery Expert for Linux/UNIX/Windows; the underlying issue is transmission of data over a cleartext channel, enabling potential MITM interception to obtain sensitive information. The accompanyi...
CVE-2025-27901
CVE-2025-27901 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. The vulnerability stems from improper validation of input in the HOST header, enabling HTTP header injection. This could allow an attacker to perform cross-site scripting, cache poisoning, or session hijacking against the...
CVE-2025-27904
CVE-2025-27904 : IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is vulnerable to cross-site request forgery (CSRF), allowing an attacker to perform malicious and unauthorized actions transmitted from a trusted user. The issue affects IBM Db2 Recovery Expert for Linux, UNIX and Windows and is...