MEDIUM🇵🇱 Wersja polska

CVE-2025-36117

CVSS 6.3v3.1pub. 2025-07-23upd. 2025-08-07

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • IBM Db2 Mirror For I

    APP
    Ibm
    7.47.57.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-36116MEDIUM6.3ten sam produkt

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By se...

CVE-2023-47741MEDIUM5.3ten sam produkt

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in...

CVE-2022-43928MEDIUM4.9ten sam produkt

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, ca...

CVE-2022-47986CRITICAL9.8⚠ KEVten sam vendor

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2020-4427CRITICAL9.8⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...