Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026

CVE-2005-0868

Description

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

Affected products

Bosanova/Launcher400
cpe:2.3:a:bosanova:launcher400:*:*:*:*:*:*:*:*
IBM/Client Access
cpe:2.3:a:ibm:client_access:*:*:*:*:*:*:*:*
Mochasoft/Tn5250
cpe:2.3:a:mochasoft:tn5250:*:*:*:*:*:*:*:*
Powerterm/Interconnect
cpe:2.3:a:powerterm:interconnect:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdfnvdExploit
marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000