6.3
CVE-2025-36117
- EPSS 0.05%
- Veröffentlicht 23.07.2025 14:27:08
- Zuletzt bearbeitet 07.08.2025 14:36:42
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Db2 Mirror for i session fixation
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Db2 Mirror For I Version7.4
Ibm ≫ Db2 Mirror For I Version7.5
Ibm ≫ Db2 Mirror For I Version7.6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.163 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-384 Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.