Description
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.
Published: 2026-03-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Integrity Compromise
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from an insecure mechanism used by IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 to verify the integrity of data during transmission, which could allow an attacker to modify or corrupt data. The weakness corresponds to CWE‑353, reflecting a failure to protect data authenticity and integrity. Consequently, an attacker could potentially alter stored information, leading to incorrect database recovery or loss of reliable backup data.

Affected Systems

IBM Db2 Recovery Expert for Linux, Unix and Windows, version 5.5 IF 2. The affected builds are reflected in the CPEs for version 5.5.0 and 5.5 IF 2 across all supported operating systems.

Risk and Exploitability

The assessed CVSS score is 5.3, indicating medium severity, while the EPSS score is less than 1%, suggesting a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be the data transmission path used by the software, although the description does not explicitly detail the attacker’s entry method.

Generated by OpenCVE AI on March 19, 2026 at 15:31 UTC.

Remediation

Vendor Solution

Upgrade to DB2 Recovery Expert for Linux, Unix and Windows v5.5.0.1 Interim Fix 8, available on Fix Central: https://www.ibm.com/support/fixcentral/swg/selectFixes


OpenCVE Recommended Actions

  • Apply the vendor-provided Interim Fix 8 and upgrade to DB2 Recovery Expert for Linux, Unix and Windows v5.5.0.1
  • Verify the patch has been successfully applied and that the system is running the fixed version
  • Monitor system logs for any unexpected data modifications or transmission anomalies


Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:linux:*:*
     | | cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:unix:*:*
     | | cpe:2.3:a:ibm:db2_recovery_expert:5.5.0:interim_fix_002:*:*:*:windows:*:*

Wed, 18 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.
Title | | IBM Db2 Recovery Expert Missing Integrity Check
First Time appeared | | Ibm
                    | | Ibm db2 Recovery Expert
Weaknesses | | CWE-353
CPEs | | cpe:2.3:a:ibm:db2_recovery_expert:5.5:if2:*:*:*:linux:*:*
     | | cpe:2.3:a:ibm:db2_recovery_expert:5.5:if2:*:*:*:unix:*:*
     | | cpe:2.3:a:ibm:db2_recovery_expert:5.5:if2:*:*:*:windows:*:*
Vendors & Products | | Ibm
                   | | Ibm db2 Recovery Expert
References | |
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-18T20:15:13.762Z

Reserved: 2026-03-09T20:48:18.685Z

Link: CVE-2026-3856

Vulnrichment

Updated: 2026-03-18T20:15:09.716Z

NVD

Status: Analyzed

Published: 2026-03-17T23:16:17.647

Modified: 2026-03-19T14:20:39.490

Link: CVE-2026-3856

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:29Z

Weaknesses