13 matches found
CVE-2024-55898 IBM i privilege escalation
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2024-31878
IBM i Service Tools Server (SST) on IBM i versions 7.2–7.5 is affected by a vulnerability that allows remote user enumeration, enabling an attacker to gather SST user information for targeted attacks. Root cause: SST user profile enumeration via SST endpoints. Impact is listed as confidentiality ...
Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service attacks due to multiple vulnerabilities.
Summary IBM i Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to denial of service attacks due to errors exploitable by remote attacker as described in the vulnerability details section CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50868. This bulletin...
Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to an attacker obtaining sensitive information due to CVE-2023-42006
Summary IBM Administration Runtime Expert for i could allow sensitive information stored in a file, including passwords, to be obtained by an attacker as described in the vulnerability details section. IBM Administration Runtime Expert for i has addressed the vulnerability with a fix as described...
Privilege escalation
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM...
CVE-2023-40377
CVE-2023-40377 affects IBM i BRMS (Backup, Recovery, and Media Services) for IBM i versions 7.2, 7.3, and 7.4, creating a local privilege escalation when an attacker has command-line access to the host OS. The Red Hat/IBM bulletin confirms the vulnerability and lists the affected releases, noting...
CVE-2023-40375
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).
Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using modproxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing and port status query (CVE-2022-22475 CVE-2022-22393)
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing by an authenticated user and the ability to obtain the status of application server ports as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to IBM WebSphe...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is affected by arbitrary code execution and other attacks due to multiple vulnerabilities.
Summary Multiple vulnerabilities in IBM WebSphere Application Server allow arbitrary code execution, LDAP injection, unauthorized access, and click hijacking as described in the CVEs listed in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the...
Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i
Summary IBM HTTP Server powered by Apache for i is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the applicable CVEs in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable t...
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-14782
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ is supported by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...
Security Bulletin: Vulnerability CVE-2017-2619 in Samba affects IBM i
Summary Samba is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-2619 DESCRIPTION: Samba could allow a remote authenticated attacker to launch a symlink attack, caused by a race condition A local attacker could exploit this vulnerability using SM...