13 matches found
Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery due to Angular [CVE-2025-66412, CVE-2026-22610, CVE-2025-66035]
Summary The IBM Db2 Mirror for i GUI uses the Angular web framework. The version of Angular used by IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery as described in the vulnerability details section. IBM has addressed the vulnerabilities for IBM Db2 Mirror...
EUVD-2019-14143
Malware in sbrugna...
CVE-2023-47741
CVE-2023-47741 affects IBM Db2 Mirror for i web browser clients and IBM i web browser clients on IBM i 7.3–7.5 (and Db2 Mirror for i 7.4–7.5). The issue allows clear-text passwords to linger in browser memory and be viewable via tools before garbage collection, potentially enabling an attacker wi...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to an attacker obtaining sensitive information due to a vulnerability in web browser clients (CVE-2023-47741).
Summary IBM Db2 Mirror for i GUI is a web browser client interface implementation. The browser implementation could allow sensitive information including passwords to be left in memory which could be viewed using common tools for viewing process information on a PC CVE-2023-47741. IBM Db2 Mirror...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary IBM Db2 Mirror for i setup and GUI use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Db2 Mirror for i has addressed the...
CVE-2022-43928 IBM Db2 Mirror for i information disclosure
The IBM Toolbox for Java Db2 Mirror for i 7.4 and 7.5 could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memor...
IBM Db2 安全漏洞
IBM DB2 is a relational database management system from International Business Machines IBM. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 Mirror for i version 7.4 and 7.5, which stems from the presence of sensitive...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225
Summary IBM Db2 Mirror for i setup and GUI use gson which is vulnerable to denial of service as described in the vulnerability details section. IBM has addressed the vulnerability for IBM Db2 Mirror for i. Vulnerability Details IBM X-Force ID: 217225 DESCRIPTION: Google Gson is vulnerable to a...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785)
Summary The IBM Db2 Mirror for i GUI uses Chart.js for data presentation and charting features. The version of Chart.js used by IBM Db2 Mirror for i depends upon Moment.js which is vulnerable to CVE-2022-24785 as described in the vulnerability details section. IBM has addressed the vulnerability...
Design/Logic Flaw
IBM i 7.4 users who have done a Restore User Profile RSTUSRPRF on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this...
CVE-2019-4536
IBM i 7.4 configured with Db2 Mirror for i may be affected. During a Restore User Profile (RSTUSRPRF) on systems with Db2 Mirror, incorrect processing of a multi-profile restore could leave some user profiles with elevated privileges, enabling privilege escalation on the restored system. Remediat...
CVE-2019-4536
IBM i 7.4 users who have done a Restore User Profile RSTUSRPRF on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this...
PT-2019-17120 · Ibm · Ibm I +1
Name of the Vulnerable Software and Affected Versions: IBM i version 7.4 Description: The issue arises when a Restore User Profile RSTUSRPRF is performed on a system configured with Db2 Mirror for i, potentially resulting in user profiles having elevated privileges due to incorrect processing...