{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-27903", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-10T17:14:03.091Z", "datePublished": "2026-02-17T19:32:05.961Z", "dateUpdated": "2026-02-17T20:29:07.981Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:db2_recovery_expert_for_luw:5.5:interim_fix_002:*:*:*:*:*:*"], "product": "DB2 Recovery Expert for LUW", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.5 Interim Fix 002", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.</p>"}], "value": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-17T19:32:05.961Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7259901"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Upgrade to DB2 Recovery Expert for Linux, Unix and Windows v5.5.0.1 Interim Fix 8 available on Fix Central.</p>"}], "value": "Upgrade to DB2 Recovery Expert for Linux, Unix and Windows v5.5.0.1 Interim Fix 8 available on Fix Central."}], "title": "Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T20:28:08.135809Z", "id": "CVE-2025-27903", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T20:29:07.981Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T20:28:08.135809Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T20:28:32.289Z"}}], "cna": {"title": "Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:db2_recovery_expert_for_luw:5.5:interim_fix_002:*:*:*:*:*:*"], "vendor": "IBM", "product": "DB2 Recovery Expert for LUW", "versions": [{"status": "affected", "version": "5.5 Interim Fix 002", "versionType": "semver"}]}], "solutions": [{"lang": "en", "value": "Upgrade to DB2 Recovery Expert for Linux, Unix and Windows v5.5.0.1 Interim Fix 8 available on Fix Central.", "supportingMedia": [{"type": "text/html", "value": "<p>Upgrade to DB2 Recovery Expert for Linux, Unix and Windows v5.5.0.1 Interim Fix 8 available on Fix Central.</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7259901", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-17T19:32:05.961Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27903", "state": "PUBLISHED", "dateUpdated": "2026-02-17T20:29:07.981Z", "dateReserved": "2025-03-10T17:14:03.091Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-02-17T19:32:05.961Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:linux:*:*", "matchCriteriaId": "00292A98-B842-40DC-9C42-166072D8F762", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:unix:*:*", "matchCriteriaId": "7359808F-EE55-413C-A750-24B9E152B4D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:windows:*:*", "matchCriteriaId": "32ECD97B-CCDD-4848-88CF-5250FCF63685", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques."}, {"lang": "es", "value": "IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmite datos en un canal de comunicaci\u00f3n de texto claro que podr\u00eda permitir a un atacante obtener informaci\u00f3n sensible utilizando t\u00e9cnicas de man-in-the-middle."}], "id": "CVE-2025-27903", "lastModified": "2026-02-26T18:14:21.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-02-17T20:22:02.543", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7259901"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"created": "2026-02-18T10:33:29.150501+00:00", "updated": "2026-02-18T10:33:29.150576+00:00", "vendors": ["ibm", "ibm$PRODUCT$db2_recovery_expert_for_luw"]}