Mar 13, 2024 - 8:14 p.m.

Security Bulletin: IBM i is vulnerable to a privilege elevation due to an unqualified library call in Db2 for IBM i. [CVE-2024-22346]

2024-03-13 20:14:34
www.ibm.com

CVSS3: 8.4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.8
Confidence: High

EPSS: 0
Percentile: 9.0%

Summary

IBM i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification, in Db2 for IBM i, as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below.

Vulnerability Details

CVEID: CVE-2024-22346
**DESCRIPTION:** Db2 for IBM i infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280203 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM i| 7.5
IBM i| 7.4
IBM i| 7.3
IBM i| 7.2

Remediation/Fixes

The issues can be addressed by applying PTFs to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i 5770-SS1 PTF numbers and Group PTFs listed below resolve the vulnerabilities.

IBM i Release| 5770-SS1 PTF Numbers| PTF Download Link
—|—|—
7.5| SF99950 750 Db2 for IBM i Level 6| <https://www.ibm.com/support/pages/uid/nas4SF99950>
7.4| SF99704 740 Db2 for IBM i Level 27| <https://www.ibm.com/support/pages/uid/nas4SF99704>
7.3| SI85678| <https://www.ibm.com/support/pages/ptf/SI85678>
7.3| SI85716| <https://www.ibm.com/support/pages/ptf/SI85716>
7.3| SI85731| <https://www.ibm.com/support/pages/ptf/SI85731>
7.3| SI85769| <https://www.ibm.com/support/pages/ptf/SI85769>
7.3| SI85776| <https://www.ibm.com/support/pages/ptf/SI85776>
7.3| SI85779| <https://www.ibm.com/support/pages/ptf/SI85779>
7.3| SI85781| <https://www.ibm.com/support/pages/ptf/SI85781>
7.3| SI85789| <https://www.ibm.com/support/pages/ptf/SI85789>
7.3| SI85798| <https://www.ibm.com/support/pages/ptf/SI85798>
7.3| SI85800| <https://www.ibm.com/support/pages/ptf/SI85800>
7.3| SI85802| <https://www.ibm.com/support/pages/ptf/SI85802>
7.3| SI85804| <https://www.ibm.com/support/pages/ptf/SI85804>
7.3| SI85811| <https://www.ibm.com/support/pages/ptf/SI85811>
7.2| SI85679| <https://www.ibm.com/support/pages/ptf/SI85679>
7.2| SI85715| <https://www.ibm.com/support/pages/ptf/SI85715>
7.2| SI85732| <https://www.ibm.com/support/pages/ptf/SI85732>
7.2| SI85770| <https://www.ibm.com/support/pages/ptf/SI85770>
7.2| SI85775| <https://www.ibm.com/support/pages/ptf/SI85775>
7.2| SI85777| <https://www.ibm.com/support/pages/ptf/SI85777>
7.2| SI85780| <https://www.ibm.com/support/pages/ptf/SI85780>
7.2| SI85788| <https://www.ibm.com/support/pages/ptf/SI85788>
7.2| SI85797| <https://www.ibm.com/support/pages/ptf/SI85797>
7.2| SI85799| <https://www.ibm.com/support/pages/ptf/SI85799>
7.2| SI85801| <https://www.ibm.com/support/pages/ptf/SI85801>
7.2| SI85803| <https://www.ibm.com/support/pages/ptf/SI85803>
7.2| SI85810| <https://www.ibm.com/support/pages/ptf/SI85810>

https://www.ibm.com/support/fixcentral

_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions of affected products.
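
To confirm the remediation on a partition, the two statements below compare the group PTF levels and PTF numbers from the table above with what the system reports. This is an added example, not part of IBM's bulletin; it assumes the IBM i services `QSYS2.GROUP_PTF_INFO`, `QSYS2.PTF_INFO` and `SYSIBMADM.ENV_SYS_INFO` are available to the querying user and that `OS_VERSION`/`OS_RELEASE` report values such as `7` and `5`.

```sql
-- Added example, not part of IBM's bulletin. Run on the IBM i partition
-- (for example from ACS Run SQL Scripts). Group levels and PTF ids are the
-- ones listed in the bulletin; the rel column is an illustrative label.
-- Each statement returns rows only for the release the partition is running.

-- 1) IBM i 7.5 / 7.4: the fix is delivered in the Db2 for IBM i group PTF.
SELECT req.rel, req.grp, req.min_level,
       MAX(g.ptf_group_level) AS installed_level,
       CASE WHEN MAX(g.ptf_group_level) >= req.min_level
            THEN 'OK' ELSE 'BELOW REQUIRED LEVEL' END AS verdict
  FROM (VALUES ('7.5', 'SF99950', 6),
               ('7.4', 'SF99704', 27)) AS req (rel, grp, min_level)
  JOIN sysibmadm.env_sys_info s
    ON TRIM(s.os_version) || '.' || TRIM(s.os_release) = req.rel
  LEFT JOIN qsys2.group_ptf_info g
    ON g.ptf_group_name = req.grp
   AND g.ptf_group_status = 'INSTALLED'
 GROUP BY req.rel, req.grp, req.min_level;

-- 2) IBM i 7.3 / 7.2: individual PTFs. On these releases, rows returned are
--    PTFs that are not applied; an empty result means every listed PTF is
--    applied or superseded. 'NO RECORD' needs a manual look.
SELECT req.rel, req.ptf,
       COALESCE(p.ptf_loaded_status, 'NO RECORD') AS status
  FROM (VALUES
        ('7.3','SI85678'), ('7.3','SI85716'), ('7.3','SI85731'), ('7.3','SI85769'),
        ('7.3','SI85776'), ('7.3','SI85779'), ('7.3','SI85781'), ('7.3','SI85789'),
        ('7.3','SI85798'), ('7.3','SI85800'), ('7.3','SI85802'), ('7.3','SI85804'),
        ('7.3','SI85811'),
        ('7.2','SI85679'), ('7.2','SI85715'), ('7.2','SI85732'), ('7.2','SI85770'),
        ('7.2','SI85775'), ('7.2','SI85777'), ('7.2','SI85780'), ('7.2','SI85788'),
        ('7.2','SI85797'), ('7.2','SI85799'), ('7.2','SI85801'), ('7.2','SI85803'),
        ('7.2','SI85810')
       ) AS req (rel, ptf)
  JOIN sysibmadm.env_sys_info s
    ON TRIM(s.os_version) || '.' || TRIM(s.os_release) = req.rel
  LEFT JOIN qsys2.ptf_info p
    ON p.ptf_identifier = req.ptf
 WHERE COALESCE(p.ptf_loaded_status, 'NO RECORD')
       NOT IN ('APPLIED', 'PERMANENTLY APPLIED', 'SUPERSEDED')
 ORDER BY req.ptf;
```

On 7.5 and 7.4 read the verdict from the first statement; the second statement returns nothing there because no individual PTFs are listed for those releases.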

Workarounds and Mitigations

None.

Affected configurations

Vulners
Node: ibm planning_analytics, Match: 7.4.0

Vendor| Product| Version| CPE
—|—|—|—
ibm| planning_analytics| 7.4.0| cpe:2.3:a:ibm:planning_analytics:7.4.0:*:*:*:*:*:*:*
