IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7240351 |
![]() ![]() |
History
Wed, 23 Jul 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 23 Jul 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform. | |
Title | IBM Db2 Mirror for i cross-site websocket hijacking | |
First Time appeared |
Ibm
Ibm db2 Mirror For I |
|
Weaknesses | CWE-1385 | |
CPEs | cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm db2 Mirror For I |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published: 2025-07-23T14:26:06.865Z
Updated: 2025-07-23T15:13:52.554Z
Reserved: 2025-04-15T21:16:17.124Z
Link: CVE-2025-36116

Updated: 2025-07-23T14:57:48.283Z

Status : Awaiting Analysis
Published: 2025-07-23T15:15:31.690
Modified: 2025-07-25T15:29:44.523
Link: CVE-2025-36116

No data.