Severity
High
Analysis Summary
CVE-2025-33077 CVSS:8.8
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
CVE-2025-33076 CVSS:8.8
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
CVE-2025-33020 CVSS:5.9
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
CVE-2025-36117 CVSS:6.3
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
CVE-2025-36116 CVSS:6.3
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
Impact
- Code Execution
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-33077
CVE-2025-33076
CVE-2025-33020
CVE-2025-36117
CVE-2025-36116
Affected Vendors
- IBM
Affected Products
- IBM Db2 Mirror for i 7.4
- IBM Db2 Mirror for i 7.5
- IBM Engineering Systems Design Rhapsody 9.0.2
- IBM Engineering Systems Design Rhapsody 10.0
- IBM Engineering Systems Design Rhapsody 10.0.1
- IBM Db2 Mirror for i 7.6
Remediation
Refer to IBM Website for patch, upgrade, or suggested workaround information.