8464 matches found

IBM Security Bulletins
added 2025/06/24 10:37 p.m. | 3 views

Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i [CVE-2025-36004].

Summary IBM i is affected by a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i as described in the vulnerability details section. This bulletin identifies the steps to take to...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00235
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2025/04/17 4:59 p.m. | 5 views

Security Bulletin: IBM i is vulnerable to a privilege escalation due to incorrect profile swapping in an OS command [CVE-2025-2947].

Summary IBM i contains a privilege escalation vulnerability due to incorrect swapping in an OS command as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00167
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/02/22 2:32 p.m. | 6 views

Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].

Summary IBM i is vulnerable to a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

CVSS: 8.5 | AI score: 8.5 | EPSS: 0.00054
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/12/13 3:20 p.m. | 19 views

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a spoofing attack [CVE-2023-50314].

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an attacker with access to the network to conduct spoofing attacks as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00097
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/10/16 7:38 p.m. | 28 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality, availability, and integrity impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing confidentiality impact CVE-2024-21145, availability impact CVE-2024-21144, integrity impact CVE-2024-21131, and denial of service CVE-2024-27267 as described in t...

CVSS: 5.9 | AI score: 7.7 | EPSS: 0.0045
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2024/10/08 2:40 p.m. | 108 views

Security Bulletin: RC4 Bar Mitzvah Attack for SSL/TLS (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

CVSS: 5 | AI score: 6.4 | EPSS: 0.23356
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/10/08 2:6 p.m. | 69 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

CVSS: 5 | AI score: 7 | EPSS: 0.23356
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/10/08 2:2 p.m. | 36 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575).

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM i. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.0107
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/10/04 1:13 p.m. | 42 views

Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)

Summary IBM i is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the Triple-DES on 64-bit block...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.40993
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2024/10/01 6:45 p.m. | 105 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in mod_rewrite CVE-2024-38474, and improper escaping in mod_rewrite resulting in acces...

CVSS: 9.8 | AI score: 10 | EPSS: 0.93858
Exploits: 1 | Affected Software: 5

IBM Security Bulletins
added 2024/09/13 4:7 p.m. | 25 views

Security Bulletin: ISC BIND on IBM i is vulnerable to a remote attacker causing a denial of service due to multiple vulnerabilities.

Summary Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to a denial of service due to queries to an excessively large resolver database CVE-2024-1737, serving stale cache data content CVE-2024-4076, sending SIG 0 signed requests CVE-2024-1975, and sending a flood of DNS...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.1669
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/08/28 10:2 p.m. | 121 views

Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary code due to a signal handler race condition. [CVE-2024-6387]

Summary OpenSSH used by IBM i is vulnerable to a remote attacker executing arbitrary code due to a signal handler race condition as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...

CVSS: 8.1 | AI score: 8.5 | EPSS: 0.63835
Exploits: 68 | Affected Software: 2

IBM Security Bulletins
added 2024/07/22 8:53 p.m. | 43 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795].

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP response splitting attacks due to improper input validation and flaws in multiple modules as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as...

CVSS: 7.3 | AI score: 6.6 | EPSS: 0.04358
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/07/09 2:9 p.m. | 28 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing availability impact CVE-2024-21085, denial of service CVE-2023-38264, and bypassing security restrictions CVE-2024-3933 as described in the vulnerability details...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00199
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2024/06/25 11:52 p.m. | 63 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to no limit of continuation frames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.87555
Exploits: 2 | Affected Software: 4

IBM Security Bulletins
added 2024/06/21 4:24 a.m. | 33 views

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM TCP/IP Connectivity Utilities for i [CVE-2024-31890].

Summary IBM i is vulnerable to a local user with command line access gaining elevated privilege due to a flaw in IBM TCP/IP Connectivity Utilities for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00044
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2024/06/15 1:0 a.m. | 27 views

Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i. [CVE-2024-31870]

Summary IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...

CVSS: 3.3 | AI score: 3.6 | EPSS: 0.00058
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/06/07 7:32 p.m. | 16 views

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00108
Exploits: 0 | Affected Software: 5

IBM Security Bulletins
added 2024/06/04 6:58 p.m. | 58 views

Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

CVSS: 7.5 | AI score: 8 | EPSS: 0.00577
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2024/05/13 5:28 p.m. | 91 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described ...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.944
Exploits: 19 | Affected Software: 4