15 matches found
EUVD-2011-1383
Malware in sbrugna...
CVE-2025-36119
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...
CVE-2025-33108
IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by an issue in OpenSSL (CVE-2024-2511)
Summary An issue was identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the IBM i...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2023-6237 and CVE-2024-0727)
Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)
Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the...
Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an ASN.1 data. (CVE-2018-0739)
Summary IBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to execute a denial of service attack by sending specially crafted ASN.1 data. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only. Vulnerability Details CVEID: CVE-2018-0739...
Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL Montgomery squaring function propagation flaw (CVE-2017-3736)
Summary IBM MQ and IBM WebSphere MQ are affected by an OpenSSL vulnerability which could allow a remote attacker to obtain sensitive information. This is caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal. OpenSSL is used by IBM MQ Advanced Message...
Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an IPAddressFamily extension in an X.509 certificate. (CVE-2017-3735)
Summary IBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. OpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only...
IBM Navigator for i security vulnerability
IBM Navigator for i is an IBM console interface used in IBM i to perform and manage critical tasks in IBM i. IBM Navigator for i versions 7.2, 7.3 and 7.4 are vulnerable to an access control error that stems from a network system or product that does not properly restrict access to resources from...
Security Bulletin: IBM WebSphere MQ keystore password traced by mqcertck on IBM i platform (CVE-2015-7462)
Summary The mqcertck tool which was newly added in MQ 8.0.0.4 could trace certificate keystore passwords. Vulnerability Details CVEID: CVE-2015-7462 DESCRIPTION: IBM WebSphere MQ could allow a local user with administrator privileges to decrypt other MQ administrators passwords by using the...
Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)
Summary There is a vulnerability in OpenSSL that is used by IBM WebSphere MQ - Advanced Message Security. This issue was disclosed on August 6, 2014 by the OpenSSL project. Vulnerability Details CVE-ID: CVE-2014-3508 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Open I Platform - Customized SSL, Dangerous filesystem permissions, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Open I Platform published at the 'play' market has multiple vulnerabilities...
IBM WebSphere Application Server Multiple Vulnerabilities
The version of IBM WebSphere application server running on the remote host is potentially affected by multiple vulnerabilities : - An insecure file permission vulnerability that only affects WebSphere Application Server running on the IBM i platform. A local attacker may be able to exploit this...
Code injection
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/clientffdc/, which allows local users to read or modify files via standard filesystem operations...