Lucene search
+L

13 matches found

Vulnrichment
Vulnrichment
added 2025/02/24 2:1 a.m.10 views

CVE-2024-55898 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.5CVSS7.3AI score0.00412EPSS
Exploits0References1
CVE
CVE
added 2024/06/07 1:21 p.m.79 views

CVE-2024-31878

IBM i Service Tools Server (SST) on IBM i versions 7.2–7.5 is affected by a vulnerability that allows remote user enumeration, enabling an attacker to gather SST user information for targeted attacks. Root cause: SST user profile enumeration via SST endpoints. Impact is listed as confidentiality ...

5.3CVSS5.1AI score0.00447EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/01 3:22 p.m.64 views

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service attacks due to multiple vulnerabilities.

Summary IBM i Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to denial of service attacks due to errors exploitable by remote attacker as described in the vulnerability details section CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50868. This bulletin...

7.5CVSS7.8AI score0.81729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 8:0 p.m.23 views

Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to an attacker obtaining sensitive information due to CVE-2023-42006

Summary IBM Administration Runtime Expert for i could allow sensitive information stored in a file, including passwords, to be obtained by an attacker as described in the vulnerability details section. IBM Administration Runtime Expert for i has addressed the vulnerability with a fix as described...

8.4CVSS5.9AI score0.00212EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/10/29 1:15 a.m.25 views

Privilege escalation

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM...

4.3CVSS7.8AI score0.00145EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/10/16 12:32 a.m.99 views

CVE-2023-40377

CVE-2023-40377 affects IBM i BRMS (Backup, Recovery, and Media Services) for IBM i versions 7.2, 7.3, and 7.4, creating a local privilege escalation when an attacker has command-line access to the host OS. The Red Hat/IBM bulletin confirms the vulnerability and lists the affected releases, noting...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/09/28 6:15 p.m.27 views

CVE-2023-40375

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580...

7.8CVSS7.8AI score0.00147EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:19 p.m.128 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using modproxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...

9.8CVSS9.3AI score0.8377EPSS
Exploits5Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/16 12:15 p.m.32 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing and port status query (CVE-2022-22475 CVE-2022-22393)

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing by an authenticated user and the ability to obtain the status of application server ports as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to IBM WebSphe...

6.5CVSS1.7AI score0.00693EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 3:20 p.m.16 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is affected by arbitrary code execution and other attacks due to multiple vulnerabilities.

Summary Multiple vulnerabilities in IBM WebSphere Application Server allow arbitrary code execution, LDAP injection, unauthorized access, and click hijacking as described in the CVEs listed in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the...

9.8CVSS9.4AI score0.30367EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/06 5:6 p.m.81 views

Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i

Summary IBM HTTP Server powered by Apache for i is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the applicable CVEs in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable t...

9.8CVSS8.8AI score0.99999EPSS
Exploits5Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/26 2:8 p.m.54 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-14782

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ is supported by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

4.3CVSS1AI score0.02272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.38 views

Security Bulletin: Vulnerability CVE-2017-2619 in Samba affects IBM i

Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-2619 DESCRIPTION: Samba could allow a remote authenticated attacker to launch a symlink attack, caused by a race condition A local attacker could exploit this vulnerability using SM...

7.5CVSS7.4AI score0.11181EPSS
Exploits3Affected Software1
Rows per page
Query Builder