CVSS3 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
AI Score Confidence | High |
EPSS Percentile | 14.2% |
IBM i is vulnerable to a privilege escalation due to a user without privilege being able to configure a physical file trigger in Db2 for IBM i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below.
CVEID: CVE-2024-27275
**DESCRIPTION:** IBM i contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be addressed by applying PTFs to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i 5770-SS1 PTF numbers and Group PTFs listed below resolve the vulnerability.
IBM i Release | 5770-SS1 PTF Numbers | PTF Download Link |
---|---|---|
7.5 | SF99950 750 Db2 for IBM i Level 7 | <https://www.ibm.com/support/pages/uid/nas4SF99950> |
7.4 | SF99704 740 Db2 for IBM i Level 28 | <https://www.ibm.com/support/pages/uid/nas4SF99704> |
7.3 | SJ00297 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00297> |
7.3 | SJ00314 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00314> |
7.3 | SJ00326 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00326> |
7.3 | SJ00343 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00343> |
7.3 | SJ00347 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00347> |
7.3 | SJ00352 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00352> |
7.3 | SJ00353 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00353> |
7.3 | SJ00361 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00361> |
7.3 | SJ00389 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00389> |
7.3 | SJ00450 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00450> |
7.3 | SJ00455 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00455> |
7.3 | SJ00580 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00580> |
7.3 | SJ00743 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00743> |
7.3 | SJ00744 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00744> |
7.3 | SJ00749 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00749> |
7.3 | SJ00752 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00752> |
7.3 | SJ00764 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00764> |
7.3 | SJ00765 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00765> |
7.3 | SJ00768 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00768> |
7.3 | SJ00769 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00769> |
7.2 | SJ00298 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00298> |
7.2 | SJ00315 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00315> |
7.2 | SJ00325 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00325> |
7.2 | SJ00346 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00346> |
7.2 | SJ00348 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00348> |
7.2 | SJ00354 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00354> |
7.2 | SJ00355 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00355> |
7.2 | SJ00360 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00360> |
7.2 | SJ00390 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00390> |
7.2 | SJ00449 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00449> |
7.2 | SJ00456 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00456> |
7.2 | SJ00581 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00581> |
7.2 | SJ00747 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00747> |
7.2 | SJ00748 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00748> |
7.2 | SJ00750 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00750> |
7.2 | SJ00753 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00753> |
7.2 | SJ00763 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00763> |
7.2 | SJ00766 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00766> |
7.2 | SJ00767 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00767> |
7.2 | SJ00770 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00770> |
https://www.ibm.com/support/fixcentral
_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.
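One way to confirm the fixes listed above are present on a partition, as an added example that is not part of IBM's bulletin: it queries the QSYS2.GROUP_PTF_INFO and QSYS2.PTF_INFO SQL services using the group levels and PTF numbers from the remediation table. It assumes those services are available to the profile running the queries and that a PTF reported as SUPERSEDED is covered by a later PTF.

```sql
-- Added example, not from the IBM bulletin. Group names, levels and PTF
-- numbers are the ones listed in the remediation table.

-- IBM i 7.5 / 7.4: the fix ships in the Db2 for IBM i group PTF.
-- Expect SF99950 at level 7 or later (7.5) or SF99704 at level 28 or later
-- (7.4), with PTF_GROUP_STATUS = 'INSTALLED'.
SELECT PTF_GROUP_NAME, PTF_GROUP_LEVEL, PTF_GROUP_STATUS
  FROM QSYS2.GROUP_PTF_INFO
 WHERE PTF_GROUP_NAME IN ('SF99950', 'SF99704')
 ORDER BY PTF_GROUP_NAME, PTF_GROUP_LEVEL DESC;

-- IBM i 7.3 / 7.2: individual 5770-SS1 PTFs. Every row returned is a listed
-- PTF that is not yet applied. Read only the rows for the release this
-- partition runs; the other release's PTFs will always show as missing.
WITH required (rel, ptf_id) AS (
  VALUES ('7.3', 'SJ00297'), ('7.3', 'SJ00314'), ('7.3', 'SJ00326'), ('7.3', 'SJ00343'),
         ('7.3', 'SJ00347'), ('7.3', 'SJ00352'), ('7.3', 'SJ00353'), ('7.3', 'SJ00361'),
         ('7.3', 'SJ00389'), ('7.3', 'SJ00450'), ('7.3', 'SJ00455'), ('7.3', 'SJ00580'),
         ('7.3', 'SJ00743'), ('7.3', 'SJ00744'), ('7.3', 'SJ00749'), ('7.3', 'SJ00752'),
         ('7.3', 'SJ00764'), ('7.3', 'SJ00765'), ('7.3', 'SJ00768'), ('7.3', 'SJ00769'),
         ('7.2', 'SJ00298'), ('7.2', 'SJ00315'), ('7.2', 'SJ00325'), ('7.2', 'SJ00346'),
         ('7.2', 'SJ00348'), ('7.2', 'SJ00354'), ('7.2', 'SJ00355'), ('7.2', 'SJ00360'),
         ('7.2', 'SJ00390'), ('7.2', 'SJ00449'), ('7.2', 'SJ00456'), ('7.2', 'SJ00581'),
         ('7.2', 'SJ00747'), ('7.2', 'SJ00748'), ('7.2', 'SJ00750'), ('7.2', 'SJ00753'),
         ('7.2', 'SJ00763'), ('7.2', 'SJ00766'), ('7.2', 'SJ00767'), ('7.2', 'SJ00770')
)
SELECT r.rel, r.ptf_id,
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS status
  FROM required r
  LEFT JOIN QSYS2.PTF_INFO p
    ON p.PTF_IDENTIFIER = r.ptf_id
   AND p.PTF_PRODUCT_ID = '5770SS1'
 WHERE COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM')
       NOT IN ('APPLIED', 'PERMANENTLY APPLIED', 'SUPERSEDED')
 ORDER BY r.rel, r.ptf_id;
```

An empty result from the second query for the partition's release means every listed PTF is applied or superseded.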
None.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:*:*:*:*:*:*:* |
ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:*:*:*:*:*:*:* |
ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:*:*:*:*:*:*:* |
ibm | i | 7.5.0 | cpe:2.3:o:ibm:i:7.5.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.2.0 | cpe:2.3:a:ibm:planning_analytics:7.2.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.3.0 | cpe:2.3:a:ibm:planning_analytics:7.3.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.4.0 | cpe:2.3:a:ibm:planning_analytics:7.4.0:*:*:*:*:*:*:* |
ibm | ibm_i_7.5_preventative_service_planning | 7.5.0 | cpe:2.3:a:ibm:ibm_i_7.5_preventative_service_planning:7.5.0:*:*:*:*:*:*:* |