Описание
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_mirror_for_i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_mirror_for_i:7.6:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00027
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-1385
Связанные уязвимости
CVSS3: 6.3
github
7 месяцев назад
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
EPSS
Процентиль: 7%
0.00027
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-1385