3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.
CVEID:CVE-2024-31870
**DESCRIPTION:**IBM Db2 for i supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287174 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be addressed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i 5770-SS1 PTF number resolves the vulnerability.
IBM i Release | 5770-SS1 | PTF Download Link |
---|---|---|
7.5 | SJ00244 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00244 |
7.4 | SJ00245 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00245> |
7.3 | SJ00246 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00246> |
7.2 | SJ00247 | <https://www.ibm.com/mysupport/s/fix-information?legacy=SJ00247> |
<https://www.ibm.com/support/fixcentral>
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
None.
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%