CVE-2025-36117
- EPSS 0.05%
- Published 23.07.2025 14:27:08
- Last modified 07.08.2025 14:36:42
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not invalidate the session ID after use, which could allow an authenticated user to impersonate another user on the system.
CVE-2025-36116
- EPSS 0.04%
- Published 23.07.2025 14:26:06
- Last modified 07.08.2025 14:36:55
The IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connec...
CVE-2023-47741
- EPSS 0.04%
- Published 18.12.2023 20:15:08
- Last modified 21.11.2024 08:30:44
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the v...
CVE-2022-43928
- EPSS 0.05%
- Published 07.04.2023 14:15:07
- Last modified 21.11.2024 07:27:22
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. T...