VYPR

I

by IBM

CVEs (62)

  • CVE-2025-2947Apr 17, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.6  contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.

  • CVE-2024-55898Feb 24, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2024-52895Feb 14, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that…

  • CVE-2024-35122Jan 24, 2025
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.

  • CVE-2024-55897Jan 3, 2025
    risk 0.00cvss epss 0.00

    IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be…

  • CVE-2024-55896Jan 3, 2025
    risk 0.00cvss epss 0.00

    IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames.  This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.

  • CVE-2024-47104Dec 18, 2024
    risk 0.00cvss epss 0.00

    IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can…

  • CVE-2024-38330Jul 8, 2024
    risk 0.00cvss epss 0.00

    IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.

  • CVE-2024-31890Jun 21, 2024
    risk 0.00cvss epss 0.00

    IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM…

  • CVE-2024-27275Jun 15, 2024
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to…

  • CVE-2024-31870Jun 15, 2024
    risk 0.00cvss epss 0.00

    IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that…

  • CVE-2024-31878Jun 7, 2024
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

  • CVE-2024-27264May 22, 2024
    risk 0.00cvss epss 0.00

    IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

  • CVE-2024-31879May 18, 2024
    risk 0.00cvss epss 0.01

    IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.

  • CVE-2024-25050Apr 28, 2024
    risk 0.00cvss epss 0.00

    IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with…

  • CVE-2024-22346Mar 14, 2024
    risk 0.00cvss epss 0.00

    Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.

  • CVE-2023-43064Dec 25, 2023
    risk 0.00cvss epss 0.00

    Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: …

  • CVE-2023-47741Dec 18, 2023
    risk 0.00cvss epss 0.00

    IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this…

  • CVE-2023-42006Dec 1, 2023
    risk 0.00cvss epss 0.00

    IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.

  • CVE-2023-40685Oct 29, 2023
    risk 0.00cvss epss 0.00

    Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating…