IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection and then remotely perform operations that the user is not allowed to perform.
History

Wed, 23 Jul 2025 16:15:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Jul 2025 14:45:00 +0000

Values Removed: none
Values Added (by type):

Description: IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection and then remotely perform operations that the user is not allowed to perform.
Title: IBM Db2 Mirror for i cross-site websocket hijacking
First Time appeared: Ibm; Ibm db2 Mirror For I
Weaknesses: CWE-1385
CPEs:
cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:*
Vendors & Products: Ibm; Ibm db2 Mirror For I
References:
Metrics: cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-07-23T14:26:06.865Z

Updated: 2025-07-23T15:13:52.554Z

Reserved: 2025-04-15T21:16:17.124Z

Link: CVE-2025-36116

Vulnrichment

Updated: 2025-07-23T14:57:48.283Z

NVD

Status: Awaiting Analysis

Published: 2025-07-23T15:15:31.690

Modified: 2025-07-25T15:29:44.523

Link: CVE-2025-36116

Red Hat

No data.