Refine your search
54 vulnerabilities found for i by IBM
CVE-2026-1376 (GCVE-0-2026-1376)
Vulnerability from cvelistv5
Published
2026-03-17 21:53
Modified
2026-03-18 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T20:01:00.522101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T20:01:11.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.\u003c/p\u003e"
}
],
"value": "IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T21:53:44.108Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7266422"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability now. IBM i Release 5733-SC1 PTF Number(s) PTF Download Link(s) 7.6 SJ09012 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09012 IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now. IBM i Release 5733-SC1 PTF Number(s) PTF Download Link(s) 7.6 SJ09012 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09012 IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products."
}
],
"title": "IBM i Denial of Service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1376",
"datePublished": "2026-03-17T21:53:44.108Z",
"dateReserved": "2026-01-23T18:15:46.717Z",
"dateUpdated": "2026-03-18T20:01:11.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36371 (GCVE-0-2025-36371)
Vulnerability from cvelistv5
Published
2025-11-19 19:45
Modified
2025-11-19 20:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-598 - Use of GET Request Method With Sensitive Query Strings
Summary
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:18:24.302321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:18:56.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.\u0026nbsp; A user with access to the database plan cache could see information they do not have authority to view.\u003c/p\u003e"
}
],
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.\u00a0 A user with access to the database plan cache could see information they do not have authority to view."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T19:45:31.840Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7251699"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM i Release 5770-SS1 PTF Number(s) PTF Download Link(s) 7.6 MJ07546 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07546 7.5 MJ07605 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07605 7.4 MJ07545 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07545 7.3 MJ07557 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07557 7.2 MJ07567 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07567 IBM recommends that all users running unsupported versions of affected products upgrade to a supported version of the affected product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM i Release 5770-SS1 PTF Number(s) PTF Download Link(s) 7.6 MJ07546 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07546 7.5 MJ07605 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07605 7.4 MJ07545 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07545 7.3 MJ07557 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07557 7.2 MJ07567 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ07567 IBM recommends that all users running unsupported versions of affected products upgrade to a supported version of the affected product."
}
],
"title": "IBM i Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36371",
"datePublished": "2025-11-19T19:45:31.840Z",
"dateReserved": "2025-04-15T21:16:56.324Z",
"dateUpdated": "2025-11-19T20:18:56.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36367 (GCVE-0-2025-36367)
Vulnerability from cvelistv5
Published
2025-11-01 12:01
Modified
2026-02-26 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T04:55:14.649352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:40.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.\u003c/p\u003e"
}
],
"value": "IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-01T12:07:50.167Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249915"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability now. IBM i Release 5770-SS1 PTF Number(s) PTF Download Link(s) 7.6 SJ07552 SJ07650 SJ07651 SJ07652 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07552 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07650 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07651 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07652 7.5 SJ07553 SJ07653 SJ07654 SJ07655 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07553 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07653 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07654 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07655 7.4 SJ07554 SJ07656 SJ07657 SJ07658 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07554 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07656 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07657 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07658 7.3 SJ07555 SJ07659 SJ07660 SJ07661 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07555 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07659 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07660 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07661 7.2 SJ07556 SJ07662 SJ07663 SJ07664 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07556 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07662 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07663 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07664 IBM recommends that all users running unsupported versions of affected products upgrade to a supported version of the affected product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now. IBM i Release 5770-SS1 PTF Number(s) PTF Download Link(s) 7.6 SJ07552 SJ07650 SJ07651 SJ07652 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07552 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07650 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07651 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07652 7.5 SJ07553 SJ07653 SJ07654 SJ07655 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07553 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07653 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07654 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07655 7.4 SJ07554 SJ07656 SJ07657 SJ07658 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07554 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07656 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07657 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07658 7.3 SJ07555 SJ07659 SJ07660 SJ07661 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07555 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07659 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07660 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07661 7.2 SJ07556 SJ07662 SJ07663 SJ07664 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07556 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07662 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07663 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ07664 IBM recommends that all users running unsupported versions of affected products upgrade to a supported version of the affected product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i is affected by a privilege escalation in IBM i SQL services",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36367",
"datePublished": "2025-11-01T12:01:31.137Z",
"dateReserved": "2025-04-15T21:16:55.332Z",
"dateUpdated": "2026-02-26T17:47:40.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36119 (GCVE-0-2025-36119)
Vulnerability from cvelistv5
Published
2025-08-08 14:25
Modified
2026-02-26 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T15:03:47.107444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:46.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator."
}
],
"value": "IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:25:40.141Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241008"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issue can be fixed by applying a PTF to IBM i. IBM i 7.6, 7.5, 7.4, and 7.3 are addressed.\u003cbr\u003eThe IBM i PTF number for 5770-SS1 Option 34 contains the fix for the vulnerability.\u003cbr\u003e \u003cbr\u003eIBM i Release 5770-SS1\u003cbr\u003e7.6 SJ06558 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06558\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06558\u003c/a\u003e\u003cbr\u003e7.5\u0026nbsp;SJ06557 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06557\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06557\u003c/a\u003e\u003cbr\u003e7.4\u0026nbsp;SJ06552 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06552\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06552\u003c/a\u003e\u003cbr\u003e7.3 SJ06550 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06550\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06550\u003cbr\u003e\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral\"\u003ehttps://www.ibm.com/support/fixcentral\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eImportant note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.\u003cbr\u003e"
}
],
"value": "The issue can be fixed by applying a PTF to IBM i. IBM i 7.6, 7.5, 7.4, and 7.3 are addressed.\nThe IBM i PTF number for 5770-SS1 Option 34 contains the fix for the vulnerability.\n \nIBM i Release 5770-SS1\n7.6 SJ06558 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06558 \n7.5\u00a0SJ06557 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06557 \n7.4\u00a0SJ06552 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06552 \n7.3 SJ06550 https://www.ibm.com/support/fixcentral \n\nImportant note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36119",
"datePublished": "2025-08-08T14:25:40.141Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2026-02-26T17:49:46.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33109 (GCVE-0-2025-33109)
Vulnerability from cvelistv5
Published
2025-07-24 15:06
Modified
2026-02-26 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T03:55:30.375101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:15.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions."
}
],
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:28:18.727Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240410"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issue can be addressed by applying PTFs to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3. and 7.2 will be addressed.\u003cbr\u003eThe IBM i 5770-SS1 PTF numbers listed below resolve the vulnerability.\u003cbr\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e7.6\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSJ05809\u003cbr\u003eSJ05810\u003cbr\u003eSJ05837\u003cbr\u003eSJ05960\u003cbr\u003eSJ06021\u003cbr\u003eSJ06219\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05809\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05809\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05810\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05810\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05837\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05837\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05960\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05960\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06021\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06021\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06219\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06219\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.5\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSJ05838\u003cbr\u003eSJ05847\u003cbr\u003eSJ05850\u003cbr\u003eSJ05851\u003cbr\u003eSJ05953\u003cbr\u003eSJ06022\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05838\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05838\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05847\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05847\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05850\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05850\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05851\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05851\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05953\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05953\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06022\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06022\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.4\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSJ05839\u003cbr\u003eSJ05846\u003cbr\u003eSJ05852\u003cbr\u003eSJ05853\u003cbr\u003eSJ05959\u003cbr\u003eSJ06023\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05839\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05839\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05846\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05846\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05852\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05852\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05853\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05853\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05959\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05959\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06023\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06023\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.3\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSJ05840\u003cbr\u003eSJ05845\u003cbr\u003eSJ05854\u003cbr\u003eSJ05855\u003cbr\u003eSJ05966\u003cbr\u003eSJ06477\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05840\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05840\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05845\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05845\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05854\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05854\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05855\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05855\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05966\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05966\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06477\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06477\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e7.2\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSJ05842\u003cbr\u003eSJ05844\u003cbr\u003eSJ05856\u003cbr\u003eSJ05857\u003cbr\u003eSJ05965\u003cbr\u003eSJ06478\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05842\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05842\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05844\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05844\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05856\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05856\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05857\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05857\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05965\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05965\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06478\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06478\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
}
],
"value": "The issue can be addressed by applying PTFs to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3. and 7.2 will be addressed.\nThe IBM i 5770-SS1 PTF numbers listed below resolve the vulnerability.\n\n\n\n7.6SJ05809\nSJ05810\nSJ05837\nSJ05960\nSJ06021\nSJ06219\n\n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05809 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05810 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05837 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05960 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06021 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06219 \n\n7.5SJ05838\nSJ05847\nSJ05850\nSJ05851\nSJ05953\nSJ06022\n\n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05838 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05847 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05850 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05851 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05953 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06022 \n\n7.4SJ05839\nSJ05846\nSJ05852\nSJ05853\nSJ05959\nSJ06023\n\n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05839 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05846 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05852 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05853 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05959 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06023 \n\n7.3SJ05840\nSJ05845\nSJ05854\nSJ05855\nSJ05966\nSJ06477\n\n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05840 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05845 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05854 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05855 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05966 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06477 \n\n7.2SJ05842\nSJ05844\nSJ05856\nSJ05857\nSJ05965\nSJ06478\n\n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05842 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05844 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05856 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05857 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05965 \n https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06478"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33109",
"datePublished": "2025-07-24T15:06:49.888Z",
"dateReserved": "2025-04-15T17:50:49.744Z",
"dateUpdated": "2026-02-26T17:50:15.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36004 (GCVE-0-2025-36004)
Vulnerability from cvelistv5
Published
2025-06-25 02:32
Modified
2026-02-26 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T03:55:18.901503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:25.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zoltan Panczel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege."
}
],
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:41:24.587Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237732"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issue can be fixed by applying a PTF to IBM i. IBM i 7.5, 7.4, 7.3, and 7.2 are addressed.\u003cbr\u003eThe IBM i PTF number for 5798-FAX contains the fix for the vulnerability. 5798-FAX is a skip ship product installable on the listed releases. \u003cbr\u003e \u003cbr\u003eIBM i Release 5798-FAX\u0026nbsp;\u0026nbsp;7.2 7.3 7.4 7.5 SJ06024 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06024\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06024\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "The issue can be fixed by applying a PTF to IBM i. IBM i 7.5, 7.4, 7.3, and 7.2 are addressed.\nThe IBM i PTF number for 5798-FAX contains the fix for the vulnerability. 5798-FAX is a skip ship product installable on the listed releases. \n \nIBM i Release 5798-FAX\u00a0\u00a07.2 7.3 7.4 7.5 SJ06024 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36004",
"datePublished": "2025-06-25T02:32:40.332Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2026-02-26T17:50:25.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33122 (GCVE-0-2025-33122)
Vulnerability from cvelistv5
Published
2025-06-17 17:13
Modified
2025-08-24 11:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T17:25:22.448751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:25:49.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege."
}
],
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:51:42.054Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237040"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issue can be fixed by applying a PTF to IBM i. IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 are addressed.\u003cbr\u003eThe IBM i PTF number for 5770-JS1 contains the fix for the vulnerability. 5770-JS1 is a skip ship product installable on the listed releases. \u003cbr\u003e \u003cbr\u003eIBM i Release 5770-JS1\u0026nbsp;7.2, 7.3, 7.4, 7.5, 7.6\u003cbr\u003e\u003cbr\u003eSJ05929 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05929\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05929\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "The issue can be fixed by applying a PTF to IBM i. IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 are addressed.\nThe IBM i PTF number for 5770-JS1 contains the fix for the vulnerability. 5770-JS1 is a skip ship product installable on the listed releases. \n \nIBM i Release 5770-JS1\u00a07.2, 7.3, 7.4, 7.5, 7.6\n\nSJ05929 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05929"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vuln0gram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33122",
"datePublished": "2025-06-17T17:13:00.835Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-24T11:51:42.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33103 (GCVE-0-2025-33103)
Vulnerability from cvelistv5
Published
2025-05-17 16:02
Modified
2026-02-26 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T03:55:15.857702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:06.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system."
}
],
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:06:05.252Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7233799"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed.\u003cbr\u003eThe IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability.\u003cbr\u003e\u003cbr\u003eIBM i Release 5770-TC1\u003cbr\u003ePTF Number PTF Download Link\u003cbr\u003e7.6 SJ05513 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513\u003c/a\u003e\u003cbr\u003e7.5 SJ05494 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494\u003c/a\u003e\u003cbr\u003e7.4 SJ05505 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505\u003c/a\u003e\u003cbr\u003e7.3 SJ05514 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514\u003c/a\u003e\u003cbr\u003e7.2 SJ05525 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed.\nThe IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability.\n\nIBM i Release 5770-TC1\nPTF Number PTF Download Link\n7.6 SJ05513 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513 \n7.5 SJ05494 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494 \n7.4 SJ05505 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505 \n7.3 SJ05514 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514 \n7.2 SJ05525 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33103",
"datePublished": "2025-05-17T16:02:29.639Z",
"dateReserved": "2025-04-15T17:50:40.774Z",
"dateUpdated": "2026-02-26T18:28:06.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3218 (GCVE-0-2025-3218)
Vulnerability from cvelistv5
Published
2025-05-07 01:10
Modified
2025-09-01 00:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T13:22:10.720189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T13:22:16.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server."
}
],
"value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T00:35:12.463Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232750"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3 and 7.2 will be fixed.\u003cbr\u003eThe IBM i PTF numbers for 5770-999 contain the fixes for the vulnerability.\u003cbr\u003e"
}
],
"value": "The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3 and 7.2 will be fixed.\nThe IBM i PTF numbers for 5770-999 contain the fixes for the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3218",
"datePublished": "2025-05-07T01:10:57.713Z",
"dateReserved": "2025-04-03T13:39:20.796Z",
"dateUpdated": "2025-09-01T00:35:12.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2950 (GCVE-0-2025-2950)
Vulnerability from cvelistv5
Published
2025-04-18 14:50
Modified
2025-08-28 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Summary
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T14:59:32.230987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:08:43.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior."
}
],
"value": "IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:41:27.679Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7231320"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i improper HTTP header neutralization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2950",
"datePublished": "2025-04-18T14:50:21.165Z",
"dateReserved": "2025-03-29T16:56:59.875Z",
"dateUpdated": "2025-08-28T16:41:27.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2947 (GCVE-0-2025-2947)
Vulnerability from cvelistv5
Published
2025-04-17 17:10
Modified
2026-02-26 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-278 - Insecure Preserved Inherited Permissions
Summary
IBM i 7.6
contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T03:55:20.132532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:10.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.6\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u0026nbsp;A malicious actor can use the command to elevate privileges to gain root access to the host operating system.\u003c/span\u003e"
}
],
"value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278 Insecure Preserved Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:40:47.631Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7231025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2947",
"datePublished": "2025-04-17T17:10:52.646Z",
"dateReserved": "2025-03-29T13:27:47.251Z",
"dateUpdated": "2026-02-26T18:28:10.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55898 (GCVE-0-2024-55898)
Vulnerability from cvelistv5
Published
2025-02-24 02:01
Modified
2025-02-24 11:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T11:43:07.021433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T11:43:23.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege."
}
],
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T02:01:55.854Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183835"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-55898",
"datePublished": "2025-02-24T02:01:55.854Z",
"dateReserved": "2024-12-12T18:07:11.452Z",
"dateUpdated": "2025-02-24T11:43:23.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52895 (GCVE-0-2024-52895)
Vulnerability from cvelistv5
Published
2025-02-14 14:36
Modified
2025-02-14 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T15:01:42.964479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T15:01:56.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database."
}
],
"value": "IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T14:36:21.990Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183052"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52895",
"datePublished": "2025-02-14T14:36:21.990Z",
"dateReserved": "2024-11-17T14:25:44.935Z",
"dateUpdated": "2025-02-14T15:01:56.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35122 (GCVE-0-2024-35122)
Vulnerability from cvelistv5
Published
2025-01-24 17:27
Modified
2025-09-29 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T17:48:19.223233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:14.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file."
}
],
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:10:26.137Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7178317"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35122",
"datePublished": "2025-01-24T17:27:26.745Z",
"dateReserved": "2024-05-09T16:27:14.739Z",
"dateUpdated": "2025-09-29T15:10:26.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55897 (GCVE-0-2024-55897)
Vulnerability from cvelistv5
Published
2025-01-03 22:28
Modified
2025-03-13 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
IBM PowerHA SystemMirror for i 7.4 and 7.5
does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:16:39.689456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T15:54:02.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM PowerHA SystemMirror for i 7.4 and 7.5 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM PowerHA SystemMirror for i 7.4 and 7.5 \n\ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-04T01:20:17.071Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM PowerHA SystemMirror for i information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-55897",
"datePublished": "2025-01-03T22:28:38.502Z",
"dateReserved": "2024-12-12T18:07:11.452Z",
"dateUpdated": "2025-03-13T15:54:02.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55896 (GCVE-0-2024-55896)
Vulnerability from cvelistv5
Published
2025-01-03 22:27
Modified
2025-01-06 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Summary
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:16:43.290291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:33:47.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. \u0026nbsp;This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.\u003c/span\u003e"
}
],
"value": "IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. \u00a0This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T22:27:43.940Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM PowerHA SystemMirror for i clickjacking",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-55896",
"datePublished": "2025-01-03T22:27:43.940Z",
"dateReserved": "2024-12-12T18:07:11.452Z",
"dateUpdated": "2025-01-06T16:33:47.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51463 (GCVE-0-2024-51463)
Vulnerability from cvelistv5
Published
2024-12-21 13:46
Modified
2025-11-03 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
IBM i 7.3, 7.4, and 7.5
is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T02:29:43.515752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T02:29:58.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:32.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM i 7.3, 7.4, and 7.5 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM i 7.3, 7.4, and 7.5 \n\nis vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-21T13:46:01.436Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179509"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i server-side request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-51463",
"datePublished": "2024-12-21T13:46:01.436Z",
"dateReserved": "2024-10-28T10:50:10.475Z",
"dateUpdated": "2025-11-03T22:28:32.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51464 (GCVE-0-2024-51464)
Vulnerability from cvelistv5
Published
2024-12-21 13:44
Modified
2025-11-03 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T02:30:58.435673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:30:33.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:34.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hyp3rlinx"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.\u003c/span\u003e"
}
],
"value": "IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-25T14:55:51.819Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7179509"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-51464",
"datePublished": "2024-12-21T13:44:59.157Z",
"dateReserved": "2024-10-28T10:50:10.475Z",
"dateUpdated": "2025-11-03T22:28:34.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47104 (GCVE-0-2024-47104)
Vulnerability from cvelistv5
Published
2024-12-18 10:53
Modified
2024-12-18 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T14:41:26.750109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T14:41:39.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.\u003c/span\u003e\n\n\n\n\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T10:53:19.133Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7179158"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i incorrect privilege assignment",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-47104",
"datePublished": "2024-12-18T10:53:19.133Z",
"dateReserved": "2024-09-18T19:26:44.571Z",
"dateUpdated": "2024-12-18T14:41:39.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38330 (GCVE-0-2024-38330)
Vulnerability from cvelistv5
Published
2024-07-08 01:12
Modified
2024-08-02 04:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T12:54:47.131647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T12:55:11.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159615"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zoltan Panczel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227."
}
],
"value": "IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T01:12:50.812Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159615"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295227"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-38330",
"datePublished": "2024-07-08T01:12:50.812Z",
"dateReserved": "2024-06-13T21:43:59.170Z",
"dateUpdated": "2024-08-02T04:04:25.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31890 (GCVE-0-2024-31890)
Vulnerability from cvelistv5
Published
2024-06-21 09:39
Modified
2024-08-02 01:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:21:12.327380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:22:46.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7158240"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171."
}
],
"value": "IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T09:39:18.569Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7158240"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288171"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31890",
"datePublished": "2024-06-21T09:39:18.569Z",
"dateReserved": "2024-04-07T12:44:57.194Z",
"dateUpdated": "2024-08-02T01:59:50.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27275 (GCVE-0-2024-27275)
Vulnerability from cvelistv5
Published
2024-06-15 13:49
Modified
2025-09-29 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27275",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T03:56:01.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7157637"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support."
}
],
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:04:45.978Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7157637"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27275",
"datePublished": "2024-06-15T13:49:32.863Z",
"dateReserved": "2024-02-22T01:26:52.587Z",
"dateUpdated": "2025-09-29T15:04:45.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31870 (GCVE-0-2024-31870)
Vulnerability from cvelistv5
Published
2024-06-15 13:47
Modified
2024-08-22 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Response Discrepancy Information Exposure
Summary
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "db2_for_i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "db2_for_i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "db2_for_i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "db2_for_i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-15T19:38:13.743475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T19:47:46.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-22T18:03:12.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7157638"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287174"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zoltan Panczel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174."
}
],
"value": "IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T13:47:19.126Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7157638"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287174"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31870",
"datePublished": "2024-06-15T13:47:19.126Z",
"dateReserved": "2024-04-07T12:44:32.085Z",
"dateUpdated": "2024-08-22T18:03:12.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31878 (GCVE-0-2024-31878)
Vulnerability from cvelistv5
Published
2024-06-07 13:21
Modified
2024-08-02 01:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-203 - Observable Discrepancy
Summary
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T18:25:42.534826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:25:56.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7156725"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538."
}
],
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T13:21:52.509Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7156725"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287538"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31878",
"datePublished": "2024-06-07T13:21:52.509Z",
"dateReserved": "2024-04-07T12:44:32.086Z",
"dateUpdated": "2024-08-02T01:59:50.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27264 (GCVE-0-2024-27264)
Vulnerability from cvelistv5
Published
2024-05-22 19:21
Modified
2024-08-02 00:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 264 Permissions, Privileges, Access Controls
Summary
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:18:04.157619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:47.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154595"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563."
}
],
"value": "IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "264 Permissions, Privileges, Access Controls",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:21:55.242Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154595"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284563"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Performance Tools for i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-27264",
"datePublished": "2024-05-22T19:21:55.242Z",
"dateReserved": "2024-02-22T01:26:39.520Z",
"dateUpdated": "2024-08-02T00:27:59.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31879 (GCVE-0-2024-31879)
Vulnerability from cvelistv5
Published
2024-05-18 15:40
Modified
2024-08-02 01:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:48:44.436939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:12.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:49.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154380"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539."
}
],
"value": "IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T02:31:05.087Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154380"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287539"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31879",
"datePublished": "2024-05-18T15:40:03.867Z",
"dateReserved": "2024-04-07T12:44:32.087Z",
"dateUpdated": "2024-08-02T01:59:49.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25050 (GCVE-0-2024-25050)
Vulnerability from cvelistv5
Published
2024-04-28 12:16
Modified
2024-08-01 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | i |
Version: 7.2, 7.3, 7.4, 7.5 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:rational_development_studio_for_i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rational_development_studio_for_i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:rational_development_studio_for_i:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rational_development_studio_for_i:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rational_development_studio_for_i:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rational_development_studio_for_i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rational_development_studio_for_i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T13:59:09.822043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:08:33.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7149672"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7149616"
},
{
"tags": [
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rational Development Studio for i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242."
}
],
"value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T12:16:32.538Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7149672"
},
{
"url": "https://www.ibm.com/support/pages/node/7149616"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-25050",
"datePublished": "2024-04-28T12:16:32.538Z",
"dateReserved": "2024-02-03T14:49:33.094Z",
"dateUpdated": "2024-08-01T23:36:21.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22346 (GCVE-0-2024-22346)
Vulnerability from cvelistv5
Published
2024-03-14 18:40
Modified
2024-09-20 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.4"
}
]
},
{
"cpes": [
"cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "i",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "7.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T20:05:11.557307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T20:05:29.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7140499"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203."
}
],
"value": "Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T19:12:28.106Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7140499"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280203"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22346",
"datePublished": "2024-03-14T18:40:54.309Z",
"dateReserved": "2024-01-08T23:42:25.451Z",
"dateUpdated": "2024-09-20T19:12:28.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43064 (GCVE-0-2023-43064)
Vulnerability from cvelistv5
Published
2023-12-25 02:02
Modified
2024-11-21 19:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7101330"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267689"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T16:40:16.937062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:03:24.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 7.3, 7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689."
}
],
"value": "Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T02:02:23.683Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7101330"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267689"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43064",
"datePublished": "2023-12-25T02:02:23.683Z",
"dateReserved": "2023-09-15T01:12:39.149Z",
"dateUpdated": "2024-11-21T19:03:24.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47741 (GCVE-0-2023-47741)
Vulnerability from cvelistv5
Published
2023-12-18 19:09
Modified
2024-09-16 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 525 Information Exposure Through Browser Caching
Summary
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | i |
Version: 7.3, 7.4, 7.5 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7097785"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7097801"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:42:56.904994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:43:12.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Mirror for i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.4, 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim\u0027s PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim\u0027s PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "525 Information Exposure Through Browser Caching",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T19:09:58.816Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7097785"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7097801"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47741",
"datePublished": "2023-12-18T19:09:58.816Z",
"dateReserved": "2023-11-09T11:31:41.192Z",
"dateUpdated": "2024-09-16T18:43:12.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}