Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Leaks Sensitive System Info
CVE-2025-27899
Summary
A security issue with IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 exposes sensitive system information, which could help attackers target the system. This means that an attacker could use this information to launch more targeted attacks. To protect your system, update to the latest version of IBM DB2 Recovery Expert for LUW.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2_recovery_expert | 5.5.0 | – |
| ibm | db2_recovery_expert | 5.5.0 | – |
| ibm | db2_recovery_expert | 5.5.0 | – |
Original title
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.
Original description
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.
nvd CVSS3.1
5.3
Vulnerability type
CWE-526
- https://www.ibm.com/support/pages/node/7259901 Vendor Advisory Patch
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026