
13 matches found

IBM Security Bulletins
added 2 days ago · 5 views

Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certificate Manager

Summary: Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass (CVE-2026-41238), skipped sanitization in non-string mode (CVE-2026-41239), and skipped sanitization when using the ADDTAGS function (CVE-2026-41240)...

8.8 CVSS · 7.5 AI score · 0.00331 EPSS
Exploits: 1 · Affected Software: 5

IBM Security Bulletins
added 2026/02/20 4:42 p.m. · 10 views

Security Bulletin: IBM i is affected by Cross-Site Request Forgery and Cross-Site Scripting in Digital Certificate Manager and Navigator for i [CVE-2025-66035, CVE-2025-66412, CVE-2026-22610]

Summary: IBM i Digital Certificate Manager (DCM) and Navigator for i are vulnerable to Cross-Site Request Forgery (XSRF) token leakage via protocol-relative URLs in Angular HTTP clients (CVE-2025-66035) and Cross-Site Scripting (XSS) via the compiler's internal security schema being incomplete...

8.5 CVSS · 5.3 AI score · 0.01535 EPSS
Exploits: 2 · Affected Software: 5

EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-23989

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00175 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/10 2:33 p.m. · 20 views

CVE-2025-36119

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

8.8 CVSS · 6.8 AI score · 0.00175 EPSS
Exploits: 0 · References: 1

NVD
added 2025/08/08 3:15 p.m. · 9 views

CVE-2025-36119

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

8.8 CVSS · 0.00175 EPSS
Exploits: 0 · References: 1

OSV
added 2025/08/08 3:15 p.m. · 4 views

CVE-2025-36119

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

8.8 CVSS · 5.8 AI score · 0.00175 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/08/08 2:25 p.m. · 10 views

CVE-2025-36119 IBM i authentication bypass

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

7.1 CVSS · 0.00175 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/08 2:25 p.m. · 6 views

CVE-2025-36119 IBM i authentication bypass

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

7.1 CVSS · 6.1 AI score · 0.00175 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2025/08/08 2:25 p.m. · 2 views

CVE-2025-36119

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

8.8 CVSS · 5.8 AI score · 0.00175 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2025/08/08 12:00 a.m. · 3 views

IBM i Security Vulnerability

IBM i is a suite of operating systems from International Business Machines (IBM) running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.3, 7.4, 7.5, and 7.6 that stems from web session hijacking in IBM Digital Certificate Manager for i (DCM) resulting in...

8.8 CVSS · 6.6 AI score · 0.00175 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/08 12:00 a.m. · 7 views

PT-2025-32360 · IBM · IBM Digital Certificate Manager for i +1

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.6
Description: An authenticated user without administrator privileges can exploit a web session hijacking issue in IBM Digital Certificate Manager for i (DCM) to perform administrative actions.
Recommendations: IBM ...

8.8 CVSS · 5.9 AI score · 0.00175 EPSS
Exploits: 0 · References: 6

IBM Security Bulletins
added 2023/03/30 8:01 p.m. · 57 views

Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).

Summary: IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...

6.5 CVSS · 5.6 AI score · 0.00638 EPSS
Exploits: 0 · Affected Software: 4

IBM Security Bulletins
added 2022/11/28 7:13 p.m. · 44 views

Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358)

Summary: Digital Certificate Manager for IBM i is vulnerable to a cross-site scripting issue in the old web application as described in the vulnerability details section. IBM i has addressed the applicable CVE with a fix to the Digital Certificate Manager web application as described in the...

5.4 CVSS · 5.4 AI score · 0.00421 EPSS
Exploits: 0 · Affected Software: 5