← Zuruck zu CVEs
CVE-2025-36116
MEDIUM6.3
Beschreibung
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
CVE Details
CVSS v3.1 Bewertung6.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht7/23/2025
Zuletzt geandert8/7/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ibm:db2_mirror_for_i
Schwachen (CWE)
CWE-1385
Referenzen
https://www.ibm.com/support/pages/node/7240351(psirt@us.ibm.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.