Primary

Context

IBM Db2 Mirror for i Session Fixation Vulnerability Allowing User Impersonation

Vulnerability

A session fixation vulnerability has been identified in IBM Db2 Mirror for i versions 7.4, 7.5, and 7.6. This vulnerability allows an authenticated user to impersonate another user by not properly invalidating the session ID after use.

Impact

Exploitation of this vulnerability could lead to unauthorized user impersonation within the application.

Remediation

Users can apply a Program Temporary Fix (PTF) to address this vulnerability. The PTF numbers for the fixed versions are SJ05739 for 7.4, SJ05742 for 7.5, and SJ05744 for 7.6. These PTFs can be downloaded from the IBM Support Fix Central website.

Added: Jul 23, 2025, 3:56 PM

Updated: Jul 23, 2025, 3:56 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.3

exploitability

4.9

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.3

exploitability

4.9

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Db2 Mirror for i Session Fixation Vulnerability Allowing User Impersonation

Vulnerability

Impact

Remediation

Affected Products

IBM Db2 Mirror for i

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating