30 matches found
EUVD-2019-14143
Malware in sbrugna...
EUVD-2025-22447
Malicious code in bioql PyPI...
EUVD-2022-46898
Malicious code in bioql PyPI...
EUVD-2025-22446
Malicious code in bioql PyPI...
CVE-2025-36117
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36116
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
CVE-2025-36117
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36116
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
CVE-2025-36117
CVE-2025-36117 affects IBM Db2 Mirror for i 7.4–7.6. The vulnerability arises because the system does not discard the session id after use, enabling an authenticated user to impersonate another user on the system. Impact is described as session fixation with potential for credential/identity misu...
CVE-2025-36117 IBM Db2 Mirror for i session fixation
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36117 IBM Db2 Mirror for i session fixation
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
Security Bulletin: IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities [CVE-2025-36116, CVE-2025-36117].
Summary IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
PT-2025-30587 · Ibm · Ibm I Db2 Mirror For I
Name of the Vulnerable Software and Affected Versions: IBM Db2 Mirror for i versions 7.4 through 7.6 Description: The IBM Db2 Mirror for i GUI is susceptible to a cross-site WebSocket hijacking issue. An unauthenticated malicious actor can exploit this by sending a specially crafted request to...
PT-2025-30588 · Ibm · Ibm I Db2 Mirror For I
Name of the Vulnerable Software and Affected Versions: IBM Db2 Mirror for i versions 7.4 through 7.6 Description: IBM Db2 Mirror for i does not disallow the session id after use, potentially allowing an authenticated user to impersonate another user on the system. Recommendations: IBM Db2 Mirror...
CVE-2023-47741
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to...
CVE-2023-47741
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to...
Code injection
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to...
PT-2023-30586 · Ibm · Ibm I +1
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.5 IBM i Db2 Mirror for i versions 7.4 through 7.5 Description: The issue allows clear-text passwords to be left in browser memory, which can be viewed using common browser tools before the memory is garbage...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to an attacker obtaining sensitive information due to a vulnerability in web browser clients (CVE-2023-47741).
Summary IBM Db2 Mirror for i GUI is a web browser client interface implementation. The browser implementation could allow sensitive information including passwords to be left in memory which could be viewed using common tools for viewing process information on a PC CVE-2023-47741. IBM Db2 Mirror...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary IBM Db2 Mirror for i setup and GUI use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Db2 Mirror for i has addressed the...