Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.

Basic Information

ID CVE-2025-27899

Source ibm

Published Feb 17, 2026 at 19:50

Affected Product

Vendor IBM

Product DB2 Recovery Expert for LUW

Version 5.5 Interim Fix 002

Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002

CWE Classification

CWE-526

References

www.ibm.com /support/pages/node/7259901

{
    "lastseen": "",
    "description": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.",
    "published": "2026-02-17T19:50:33.512Z",
    "modified": "2026-02-17T19:50:33.512Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7259901",
    "id": "CVE-2025-27899",
    "bulletinFamily": "",
    "cwe": [
        "CWE-526"
    ],
    "cvelist": null,
    "sourceData": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DB2 Recovery Expert for LUW",
    "version": "5.5 Interim Fix 002",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows_CVE-2025-27899