Metrics
Affected Vendors & Products
Solution
The issues can be fixed by applying a PTF to IBM i. IBM Db2 Mirror for i releases 7.6, 7.5, and 7.4 will be fixed. The PTF numbers for 5770-DBM containing the fix for the vulnerabilities are in the following table. IBM i Release 5770-DBM PTF Numbers PTF Download Link 7.4 SJ05739 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739 7.5 SJ05742 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742 7.6 SJ05744 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744 https://www.ibm.com/support/fixcentral
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7240351 |
![]() ![]() |
Wed, 23 Jul 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 23 Jul 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform. | |
Title | IBM Db2 Mirror for i cross-site websocket hijacking | |
First Time appeared |
Ibm
Ibm db2 Mirror For I |
|
Weaknesses | CWE-1385 | |
CPEs | cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm db2 Mirror For I |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-18T01:30:27.202Z
Reserved: 2025-04-15T21:16:17.124Z
Link: CVE-2025-36116

Updated: 2025-07-23T14:57:48.283Z

Status : Analyzed
Published: 2025-07-23T15:15:31.690
Modified: 2025-08-07T14:36:55.043
Link: CVE-2025-36116

No data.

No data.