CVE-2025-27903
Cleartext Transmission Vulnerability in IBM DB2 Recovery Expert
Publication date: 2026-02-17
Last updated on: 2026-02-26
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2_recovery_expert | 5.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
IBM Db2 Recovery Expert for Linux, UNIX and Windows (LUW) version 5.5 Interim Fix 002 transmits data over a communication channel in cleartext. This means that the data is not encrypted during transmission.
Because the data is sent in cleartext, an attacker could use man-in-the-middle techniques to intercept and obtain sensitive information.
How can this vulnerability impact me?
This vulnerability could allow an attacker to intercept sensitive information transmitted by IBM Db2 Recovery Expert for LUW due to the use of cleartext communication channels.
Such interception could lead to unauthorized disclosure of sensitive data, potentially compromising confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know