Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Basic Information

ID CVE-2025-27901

Source ibm

Published Feb 17, 2026 at 19:35

Modified Feb 17, 2026 at 20:08

Affected Product

Vendor IBM

Product DB2 Recovery Expert for LUW

Version 5.5 Interim Fix 002

Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002

CWE Classification

CWE-644

References

www.ibm.com /support/pages/node/7259901

{
    "lastseen": "",
    "description": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.\u00a0 This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
    "published": "2026-02-17T19:35:41.360Z",
    "modified": "2026-02-17T20:08:30.239Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7259901",
    "id": "CVE-2025-27901",
    "bulletinFamily": "",
    "cwe": [
        "CWE-644"
    ],
    "cvelist": null,
    "sourceData": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DB2 Recovery Expert for LUW",
    "version": "5.5 Interim Fix 002",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows_CVE-2025-27901