13 matches found
Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager
Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...
Security Bulletin: IBM i is affected by Cross-Site Request Forgery and Cross-Site Scripting in Digital Certificate Manager and Navigator for i [CVE-2025-66035, CVE-2025-66412, CVE-2026-22610]
Summary IBM i Digital Certificate Manager DCM and Navigator for i are vulnerable to Cross-Site Request Forgery XSRF token leakage via protocol-relative URLs in angular HTTP clients CVE-2025-66035 and Cross-Site Scripting XSS via the compiler's internal security schema being incomplete...
EUVD-2025-23989
Malicious code in bioql PyPI...
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119 IBM i authentication bypass
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119 IBM i authentication bypass
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
IBM i 安全漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.3, 7.4, 7.5, and 7.6 that stems from Web session hijacking in IBM Digital Certificate Manager for i DCM resulting in...
PT-2025-32360 · Ibm · Ibm Digital Certificate Manager For I +1
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.6 Description: An authenticated user without administrator privileges can exploit a web session hijacking issue in IBM Digital Certificate Manager for i DCM to perform administrative actions. Recommendations: IBM ...
Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).
Summary IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...
Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358)
Summary Digital Certificate Manager for IBM i is vulnerable to a cross-site scripting issue in the old web application as described in the vulnerability details section. IBM i has addressed the applicable CVE with a fix to the Digital Certificate Manage web application as described in the...