CVE-2025-36116 Information
Jul 24, 2025
cve
Description
IBM Db2 Mirror for i 7.4 7.5 and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Reference
https://www.ibm.com/support/pages/node/7240351
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
6.3
Related CNNVD
CNNVD-202507-3027 (Published: 2025-07-23)
Share on: