by IBM
CVEs (57)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55896 | 0.00 | — | 0.00 | Jan 3, 2025 | IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. | ||
| CVE-2024-47104 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. | ||
| CVE-2024-38330 | 0.00 | — | 0.00 | Jul 8, 2024 | IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. | ||
| CVE-2024-31890 | 0.00 | — | 0.00 | Jun 21, 2024 | IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. | ||
| CVE-2024-27275 | 0.00 | — | 0.00 | Jun 15, 2024 | IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. | ||
| CVE-2024-31870 | 0.00 | — | 0.00 | Jun 15, 2024 | IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. | ||
| CVE-2024-31878 | 0.00 | — | 0.00 | Jun 7, 2024 | IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. | ||
| CVE-2024-27264 | 0.00 | — | 0.00 | May 22, 2024 | IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||
| CVE-2024-31879 | 0.00 | — | 0.01 | May 18, 2024 | IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. | ||
| CVE-2024-25050 | 0.00 | — | 0.00 | Apr 28, 2024 | IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242. | ||
| CVE-2024-22346 | 0.00 | — | 0.00 | Mar 14, 2024 | Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | ||
| CVE-2023-43064 | 0.00 | — | 0.00 | Dec 25, 2023 | Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | ||
| CVE-2023-47741 | 0.00 | — | 0.00 | Dec 18, 2023 | IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | ||
| CVE-2023-42006 | 0.00 | — | 0.00 | Dec 1, 2023 | IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266. | ||
| CVE-2023-40685 | 0.00 | — | 0.00 | Oct 29, 2023 | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. | ||
| CVE-2023-40686 | 0.00 | — | 0.00 | Oct 29, 2023 | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. | ||
| CVE-2023-40377 | 0.00 | — | 0.00 | Oct 16, 2023 | Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583. | ||
| CVE-2023-40378 | 0.00 | — | 0.00 | Oct 15, 2023 | IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584. | ||
| CVE-2023-40375 | 0.00 | — | 0.00 | Sep 28, 2023 | Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. | ||
| CVE-2023-38721 | 0.00 | — | 0.00 | Aug 14, 2023 | The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. |
Page 2 of 3