History: Nov 29, 2023 - 8:00 p.m.

Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to an attacker obtaining sensitive information due to CVE-2023-42006

2023-11-29 20:00:10
www.ibm.com
ibm administration runtime expert
information disclosure
vulnerability
fix available
ibm i 7.5
ibm i 7.4
ibm i 7.3
ibm i 7.2

CVSS3: 8.4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 5.6
Confidence: High

EPSS: 0
Percentile: 5.1%

Summary

IBM Administration Runtime Expert for i could allow sensitive information stored in a file, including passwords, to be obtained by an attacker as described in the vulnerability details section. IBM Administration Runtime Expert for i has addressed the vulnerability with a fix as described in the remediation/fixes section.

Vulnerability Details

**CVEID:** CVE-2023-42006
**DESCRIPTION:** IBM Administration Runtime Expert for i could allow a local user to obtain sensitive information because of improper authority checks.
CVSS Base score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/265266 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Administration Runtime Expert for i | 7.5 |
| IBM Administration Runtime Expert for i | 7.4 |
| IBM Administration Runtime Expert for i | 7.3 |
| IBM Administration Runtime Expert for i | 7.2 |

Remediation/Fixes

| IBM i Release | 5733-ARE PTF Number | PTF Download Link |
| --- | --- | --- |
| 7.5 | SI84843 | <https://www.ibm.com/support/pages/ptf/SI84843> |
| 7.4 | SI84843 | <https://www.ibm.com/support/pages/ptf/SI84843> |
| 7.3 | SI84843 | <https://www.ibm.com/support/pages/ptf/SI84843> |
| 7.2 | SI84843 | <https://www.ibm.com/support/pages/ptf/SI84843> |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm i Match 7.5.0 OR ibm i Match 7.4.0 OR ibm i Match 7.3.0 OR ibm i Match 7.2.0

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | i | 7.5.0 | cpe:2.3:o:ibm:i:7.5.0:\*:\*:\*:\*:\*:\*:\* |
| ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:\*:\*:\*:\*:\*:\*:\* |
| ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:\*:\*:\*:\*:\*:\*:\* |
| ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:\*:\*:\*:\*:\*:\*:\* |
