Metrics
Affected Vendors & Products
Solution
The issues can be fixed by applying a PTF to IBM i. IBM Db2 Mirror for i releases 7.6, 7.5, and 7.4 will be fixed. The PTF numbers for 5770-DBM containing the fix for the vulnerabilities are in the following table. IBM i Release 5770-DBM PTF Numbers PTF Download Link 7.4 SJ05739 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05739 7.5 SJ05742 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05742 7.6 SJ05744 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05744 https://www.ibm.com/support/fixcentral
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7240351 |
![]() ![]() |
Wed, 23 Jul 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 23 Jul 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system. | |
Title | IBM Db2 Mirror for i session fixation | |
First Time appeared |
Ibm
Ibm db2 Mirror For I |
|
Weaknesses | CWE-384 | |
CPEs | cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm db2 Mirror For I |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-18T01:30:05.928Z
Reserved: 2025-04-15T21:16:17.124Z
Link: CVE-2025-36117

Updated: 2025-07-23T14:57:59.664Z

Status : Analyzed
Published: 2025-07-23T15:15:31.867
Modified: 2025-08-07T14:36:42.153
Link: CVE-2025-36117

No data.

No data.