Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary

IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.

Vulnerability Details

CVEID:CVE-2024-31879
**DESCRIPTION:**IBM i could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287539 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF number for 5770-SS1 Option 3 contains the fix for the vulnerability.

IBM i Release| 5770-SS1
Option 3| PTF Download Link
—|—|—
7.4| SJ00619| <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00619&gt;
7.3| SJ00629| <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00629&gt;
7.2| SJ00628| <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00628&gt;

<https://www.ibm.com/support/fixcentral&gt;

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None