IBM Db2 Mirror For I
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Db2 Mirror For I.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Db2 Mirror For I. Last year, in 2025 Db2 Mirror For I had 2 security vulnerabilities published. Right now, Db2 Mirror For I is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 6.30 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.90 |
It may take a day or so for new Db2 Mirror For I vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Db2 Mirror For I Security Vulnerabilities
Session ID Reuse in IBM Db2 Mirror for i 7.4-7.6 -> User Impersonation
CVE-2025-36117
6.3 - Medium
- July 23, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
Session Fixation
IBM Db2 Mirror for i GUI WebSocket Hijacking, before 7.7
CVE-2025-36116
6.3 - Medium
- July 23, 2025
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
1385
IBM i & Db2 Mirror Browser Leak Clear-Text Passwords in Memory
CVE-2023-47741
5.3 - Medium
- December 18, 2023
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.
Insufficiently Protected Credentials
IBM Toolbox for Java (Db2 Mirror for i 7.4/7.5) Memory Leak of Sensitive Data
CVE-2022-43928
6.5 - Medium
- April 07, 2023
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Db2 Mirror For I or by IBM? Click the Watch button to subscribe.
