17 matches found
EUVD-2025-22446
Malicious code in bioql PyPI...
EUVD-2025-22447
Malicious code in bioql PyPI...
CVE-2025-36117
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36116
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
CVE-2025-36116
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...
CVE-2025-36117
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36117 IBM Db2 Mirror for i session fixation
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36117 IBM Db2 Mirror for i session fixation
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36117
CVE-2025-36117 affects IBM Db2 Mirror for i 7.4–7.6. The vulnerability arises because the system does not discard the session id after use, enabling an authenticated user to impersonate another user on the system. Impact is described as session fixation with potential for credential/identity misu...
Security Bulletin: IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities [CVE-2025-36116, CVE-2025-36117].
Summary IBM Db2 Mirror for i GUI is affected by cross-site WebSocket hijacking and session fixation vulnerabilities as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
PT-2025-30588 · Ibm · Ibm I Db2 Mirror For I
Name of the Vulnerable Software and Affected Versions: IBM Db2 Mirror for i versions 7.4 through 7.6 Description: IBM Db2 Mirror for i does not disallow the session id after use, potentially allowing an authenticated user to impersonate another user on the system. Recommendations: IBM Db2 Mirror...
PT-2025-30587 · Ibm · Ibm I Db2 Mirror For I
Name of the Vulnerable Software and Affected Versions: IBM Db2 Mirror for i versions 7.4 through 7.6 Description: The IBM Db2 Mirror for i GUI is susceptible to a cross-site WebSocket hijacking issue. An unauthenticated malicious actor can exploit this by sending a specially crafted request to...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to an attacker obtaining sensitive information due to a vulnerability in web browser clients (CVE-2023-47741).
Summary IBM Db2 Mirror for i GUI is a web browser client interface implementation. The browser implementation could allow sensitive information including passwords to be left in memory which could be viewed using common tools for viewing process information on a PC CVE-2023-47741. IBM Db2 Mirror...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary IBM Db2 Mirror for i setup and GUI use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Db2 Mirror for i has addressed the...
CVE-2022-43928 IBM Db2 Mirror for i information disclosure
The IBM Toolbox for Java Db2 Mirror for i 7.4 and 7.5 could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memor...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414)
Summary The IBM Db2 Mirror for i GUI uses the Angular web framework. The version of Angular used by IBM Db2 Mirror for i is vulnerable to cross-site scripting as described in the vulnerability details section. IBM has addressed the vulnerability for IBM Db2 Mirror for i by upgrading to Angular...
Security Bulletin: IBM Db2 Mirror for i is affected by CVE-2019-4536
Summary IBM Db2 Mirror for i configurations may be subject to this security vulnerability. A PTF for IBM i 7.4 and remediation steps are available. Vulnerability Details CVEID: CVE-2019-4536 DESCRIPTION: IBM i 7.4 users who have done a Restore User Profile RSTUSRPRF on a system which has been...