VYPR

I

by IBM

CVEs (62)

  • CVE-2026-7870HigJun 11, 2026
    risk 0.57cvss 8.8epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2017-1460HigJul 31, 2017
    risk 0.49cvss 7.5epss 0.01

    IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379.

  • CVE-2026-6936MedMay 27, 2026
    risk 0.42cvss 6.5epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a…

  • CVE-2026-2311MedApr 30, 2026
    risk 0.42cvss 6.4epss 0.00

    IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check.  A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2024-51463Dec 21, 2024
    risk 0.03cvss epss 0.01

    IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2024-51464Dec 21, 2024
    risk 0.03cvss epss 0.01

    IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using…

  • CVE-2026-10852Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

  • CVE-2026-9072Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can…

  • CVE-2026-8858Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker…

  • CVE-2026-1376Mar 17, 2026
    risk 0.00cvss epss 0.01

    IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.

  • CVE-2025-36371Nov 19, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.  A user with access to the database plan cache could see information they do not have authority to view.

  • CVE-2025-36367Nov 1, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

  • CVE-2025-36119Aug 8, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability…

  • CVE-2025-33109Jul 24, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some…

  • CVE-2025-36004Jun 25, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2025-33122Jun 17, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2025-33108Jun 14, 2025
    risk 0.00cvss epss 0.01

    IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with…

  • CVE-2025-33103May 17, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.

  • CVE-2025-3218May 7, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority…

  • CVE-2025-2950Apr 18, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to…

Page 1 of 4