{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36116", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:17.124Z", "datePublished": "2025-07-23T14:26:06.865Z", "dateUpdated": "2025-08-18T01:30:27.202Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Db2 Mirror for i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.4, 7.5, 7.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform."}], "value": "IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1385", "description": "CWE-1385 Missing Origin Validation in WebSockets", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:30:27.202Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7240351"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The issues can be fixed by applying a PTF to IBM i. IBM Db2 Mirror for i releases 7.6, 7.5, and 7.4 will be fixed. <br><br>The PTF numbers for 5770-DBM containing the fix for the vulnerabilities are in the following table. <br><br>IBM i Release 5770-DBM PTF Numbers PTF Download Link<br>7.4 SJ05739 &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739</a><br>7.5 SJ05742 &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742</a><br>7.6 SJ05744 &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744</a><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral\">https://www.ibm.com/support/fixcentral</a><br>"}], "value": "The issues can be fixed by applying a PTF to IBM i. IBM Db2 Mirror for i releases 7.6, 7.5, and 7.4 will be fixed. \n\nThe PTF numbers for 5770-DBM containing the fix for the vulnerabilities are in the following table. \n\nIBM i Release 5770-DBM PTF Numbers PTF Download Link\n7.4 SJ05739 \u00a0 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739 \n7.5 SJ05742 \u00a0 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742 \n7.6 SJ05744 \u00a0 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744 \n https://www.ibm.com/support/fixcentral"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Db2 Mirror for i cross-site websocket hijacking", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-23T14:57:44.059769Z", "id": "CVE-2025-36116", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T15:13:52.554Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-23T14:57:44.059769Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T14:57:48.283Z"}}], "cna": {"title": "IBM Db2 Mirror for i cross-site websocket hijacking", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Db2 Mirror for i", "versions": [{"status": "affected", "version": "7.4, 7.5, 7.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The issues can be fixed by applying a PTF to IBM i. IBM Db2 Mirror for i releases 7.6, 7.5, and 7.4 will be fixed. \n\nThe PTF numbers for 5770-DBM containing the fix for the vulnerabilities are in the following table. \n\nIBM i Release 5770-DBM PTF Numbers PTF Download Link\n7.4 SJ05739 \u00a0 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739 \n7.5 SJ05742 \u00a0 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742 \n7.6 SJ05744 \u00a0 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744 \n https://www.ibm.com/support/fixcentral", "supportingMedia": [{"type": "text/html", "value": "The issues can be fixed by applying a PTF to IBM i. IBM Db2 Mirror for i releases 7.6, 7.5, and 7.4 will be fixed. <br><br>The PTF numbers for 5770-DBM containing the fix for the vulnerabilities are in the following table. <br><br>IBM i Release 5770-DBM PTF Numbers PTF Download Link<br>7.4 SJ05739 &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739</a><br>7.5 SJ05742 &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742</a><br>7.6 SJ05744 &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744</a><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral\">https://www.ibm.com/support/fixcentral</a><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7240351", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.", "supportingMedia": [{"type": "text/html", "value": "IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1385", "description": "CWE-1385 Missing Origin Validation in WebSockets"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:30:27.202Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36116", "state": "PUBLISHED", "dateUpdated": "2025-08-18T01:30:27.202Z", "dateReserved": "2025-04-15T21:16:17.124Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-07-23T14:26:06.865Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "6D81F028-D6CF-41BD-95A8-C6676C307E8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "37C5BD86-7FB3-445C-95F5-F3D7CE2C597A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "75F1B598-7215-4B7D-A12E-13ABD5AECA0E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform."}, {"lang": "es", "value": "La interfaz gr\u00e1fica de usuario de IBM Db2 Mirror para i 7.4, 7.5 y 7.6 se ve afectada por una vulnerabilidad de secuestro de WebSocket entre sitios. Al enviar una solicitud especialmente manipulada, un agente malicioso no autenticado podr\u00eda explotar esta vulnerabilidad para rastrear una conexi\u00f3n WebSocket existente y, posteriormente, realizar de forma remota operaciones no permitidas para el usuario."}], "id": "CVE-2025-36116", "lastModified": "2025-08-07T14:36:55.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-07-23T15:15:31.690", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7240351"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1385"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}