Security Bulletin: IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to unqualified library calls [CVE-2024-38330].

Published: 2024-09-13 20:29:06 | Source: www.ibm.com

Tags: ibm managed system services, ibm system management, ibm i, vulnerability, elevated privilege, unqualified library calls, cve-2024-38330, ptfs, fixes

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

AI Score: 7.2 (Confidence: High)

EPSS: 0 (Percentile: 14.5%)

Summary

IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to programs making unqualified library calls as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.

Vulnerability Details

CVEID: CVE-2024-38330
**DESCRIPTION:** IBM System Management for i could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVSS Base score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/295227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
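
As an added illustration of the bug class the description names (this is not code from the IBM bulletin or from the affected products), the following Python audit helper scans CL source and flags program calls that are resolved through the library list rather than an explicitly named library, which is the pattern that lets a user-controlled library supply the program that runs. The sample CL source, the program and library names, and the treatment of `*LIBL` and `*CURLIB` qualifiers as still library-list resolved are constructed assumptions for this example.

```python
import re

# Matches CL program calls such as CALL PGM(QSYS/QCMDEXC) or CALL PGM(MYPGM).
# The program name is captured; the library qualifier is captured when present.
CALL_RE = re.compile(
    r"\bCALL\s+PGM\(\s*(?:(?P<lib>[A-Z0-9_$#@*]+)/)?(?P<pgm>[A-Z0-9_$#@]+)\s*\)",
    re.IGNORECASE,
)

# Qualifiers that still resolve the object through the job's library list,
# so they do not remove the exposure that an explicit library name does
# (assumption for this example).
LIBL_QUALIFIERS = {"*LIBL", "*CURLIB"}


def find_unqualified_calls(cl_source: str):
    """Return (line_no, program, resolution) for every CALL PGM() whose
    target is found via the library list instead of a named library."""
    findings = []
    for line_no, line in enumerate(cl_source.splitlines(), start=1):
        code = line.split("/*")[0]          # drop a trailing CL comment
        for m in CALL_RE.finditer(code):
            lib = (m.group("lib") or "").upper()
            if lib == "" or lib in LIBL_QUALIFIERS:
                findings.append((line_no, m.group("pgm").upper(), lib or "*LIBL"))
    return findings


# Constructed sample CL source for demonstration; not taken from IBM code.
SAMPLE_CL = """\
PGM
   /* Program compiled with USRPRF(*OWNER): adopts the owner's authority */
   CALL PGM(QSYS/QCMDEXC) PARM('CHGLIBL LIBL(MYLIB)' 20)
   CALL PGM(RPTPGM)                    /* unqualified: resolved via *LIBL */
   CALL PGM(*LIBL/CLEANUP)             /* explicit *LIBL: same exposure  */
   CALL PGM(MYLIB/RPTPGM)              /* qualified: library is fixed    */
ENDPGM
"""

if __name__ == "__main__":
    for line_no, pgm, how in find_unqualified_calls(SAMPLE_CL):
        print(f"line {line_no}: CALL PGM({pgm}) is resolved through {how}")
```

Run against real CL source of programs that adopt authority, each finding is a call whose target library should be qualified before the fix is considered complete.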

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM i | 7.4 |
| IBM i | 7.3 |
| IBM i | 7.2 |

Remediation/Fixes

The issue can be fixed by applying PTFs to IBM i. IBM i releases 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF numbers for 5770-MG1 and 5770-SM1 contain the fixes for the vulnerability.

| IBM i Release | 5770-MG1 PTF Number | PTF Download Link |
|---|---|---|
| 7.4 | SJ01170 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01170 |
| 7.4 | SJ01655 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01655 |
| 7.3 | SJ01174 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01174 |
| 7.3 | SJ01741 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01741 |
| 7.2 | SJ01175 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01175 |
| 7.2 | SJ01740 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01740 |

| IBM i Release | 5770-SM1 PTF Number | PTF Download Link |
|---|---|---|
| 7.4 | SJ01325 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01325 |
| 7.3 | SJ01324 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01324 |
| 7.2 | SJ01323 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ01323 |

Workarounds and Mitigations

None

Affected configurations (as listed by Vulners)

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:*:*:*:*:*:*:* |
| ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:*:*:*:*:*:*:* |
| ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:*:*:*:*:*:*:* |
| ibm | planning_analytics | 7.4.0 | cpe:2.3:a:ibm:planning_analytics:7.4.0:*:*:*:*:*:*:* |
| ibm | planning_analytics | 7.2.0 | cpe:2.3:a:ibm:planning_analytics:7.2.0:*:*:*:*:*:*:* |
| ibm | planning_analytics | 7.3.0 | cpe:2.3:a:ibm:planning_analytics:7.3.0:*:*:*:*:*:*:* |
