Lucene search
+L

64 matches found

CVE
CVE
added 2019/11/09 1:41 a.m.155 views

CVE-2019-4450

CVE-2019-4450 affects IBM i 7.2, 7.3, and 7.4 for i via IBM Navigator for i. The issue is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM IBM i has addressed ...

6.1CVSS5.8AI score0.0073EPSS
CVE
CVE
added 2024/05/18 3:40 p.m.133 views

CVE-2024-31879

CVE-2024-31879 affects IBM i 7.2–7.4. The issue arises from deserialization of untrusted data in Management Central, allowing a remote attacker to execute arbitrary code and cause denial of service of network ports. Affected products and versions are IBM i 7.2, 7.3, and 7.4. Remediation is availa...

7.5CVSS7.8AI score0.00937EPSS
CVE
CVE
added 2023/10/15 1:36 a.m.114 views

CVE-2023-40378

CVE-2023-40378 – IBM i Local Privilege Escalation : The vulnerability is in IBM Directory Server for IBM i and allows a user with host OS command-line access to escalate privileges and gain component access. Red Hat/IBM bulletin details identify the affected IBM i releases as 7.2–7.5 and describe...

7.8CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2023/07/03 11:14 p.m.100 views

CVE-2023-30990

CVE-2023-30990 affects IBM i 7.2–7.5. The flaw allows a remote attacker to execute CL commands as QUSER due to exploitation of the DDM architecture, with impact on confidentiality, integrity, and availability noted in the CVSS metrics. IBM documents that the vulnerability is fixed by applying PTF...

9.8CVSS9AI score0.0101EPSS
CVE
CVE
added 2023/09/28 5:38 p.m.100 views

CVE-2023-40375

CVE-2023-40375 concerns the Integrated application server for IBM i, affecting IBM i versions 7.2–7.5. The Red Hat/IBM bulletin and IBM i security pages describe a local privilege escalation vulnerability: a user with command-line access to the host OS can elevate privileges to root. Root cause i...

7.8CVSS7.8AI score0.00147EPSS
CVE
CVE
added 2019/06/14 2:45 p.m.99 views

CVE-2019-4381

CVE-2019-4381 affects IBM i clustering (IBM i 7.x) where the REST API interfacing with the HMC via advanced node failure detection can leak HMC credentials to a local attacker. Affected releases include IBM i 7.2–7.4; IBM’s bulletin lists a base score of 5.9 (CVSSv3) with local access, high impac...

5.9CVSS5.1AI score0.00351EPSS
CVE
CVE
added 2022/05/24 4:20 p.m.99 views

CVE-2022-22495

CVE-2022-22495 affects IBM i versions 7.3, 7.4, and 7.5 (IBM Navigator for i). The vulnerability is an SQL injection caused by insufficient validation of external input, enabling a remote attacker to view, add, modify, or delete data in the back-end database. The impact is described as high for c...

8.8CVSS8.7AI score0.0214EPSS
CVE
CVE
added 2023/10/16 12:32 a.m.98 views

CVE-2023-40377

CVE-2023-40377 affects IBM i BRMS (Backup, Recovery, and Media Services) for IBM i versions 7.2, 7.3, and 7.4, creating a local privilege escalation when an attacker has command-line access to the host OS. The Red Hat/IBM bulletin confirms the vulnerability and lists the affected releases, noting...

7.8CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2024/03/14 6:40 p.m.93 views

CVE-2024-22346

CVE-2024-22346 affects IBM i environments running Db2 for IBM i (versions 7.2–7.5). The underlying issue is an unqualified library call in Db2 for IBM i infrastructure that could allow a local user to gain elevated privileges, enabling user-controlled code to run with administrator privileges. Th...

8.4CVSS8AI score0.00186EPSS
CVE
CVE
added 2022/05/09 4:35 p.m.92 views

CVE-2022-22481

The CVE-2022-22481 issue affects IBM Navigator for i (heritage version) on IBM i 7.2, 7.3 and 7.4. A vulnerability in access control allows a remote attacker to access the web interface without valid credentials by modifying the sign-on request, providing visibility into the system’s fully qualif...

5.3CVSS5.2AI score0.01145EPSS
CVE
CVE
added 2025/01/24 5:27 p.m.92 views

CVE-2024-35122

IBM i 7.2–7.5 are affected by CVE-2024-35122, a file-level local DoS due to insufficient authority (CWE-284). A local non-privileged user can configure a referential constraint with the privileges of another user to access a target file. Root cause: improper access control; impact: low (local, av...

2.8CVSS3.8AI score0.00168EPSS
CVE
CVE
added 2024/05/22 7:21 p.m.86 views

CVE-2024-27264

CVE-2024-27264 affects IBM i Performance Tools for i versions 7.2–7.5. Affected component: unqualified library call in the IBM Performance Tools for i space, enabling a local user to gain elevated privileges by running user-controlled code with administrator privileges. Root cause described as an...

7.8CVSS7.5AI score0.00137EPSS
CVE
CVE
added 2025/02/24 2:1 a.m.86 views

CVE-2024-55898

CVE-2024-55898 – IBM i privilege escalation . Affected product: IBM i versions 7.2, 7.3, 7.4, and 7.5. The issue arises from an unqualified library call (CWE-427) that could allow a user with the capability to compile or restore a program to execute user-controlled code with administrator privile...

8.5CVSS8.6AI score0.00412EPSS
CVE
CVE
added 2023/10/29 1:0 a.m.83 views

CVE-2023-40685

CVE-2023-40685 relates to a local privilege escalation in IBM i 7.2–7.5 when using Management Central within IBM Navigator. The Root Cause is a privilege-management flaw in Management Central that allows a user with command-line access to elevate to root. Affected products/versions: IBM i 7.2, 7....

7.8CVSS7.8AI score0.0015EPSS
CVE
CVE
added 2025/05/07 1:10 a.m.83 views

CVE-2025-3218

The CVE-2025-3218 entry pertains to IBM i Netserver: IBM i versions 7.2–7.6 are vulnerable to authentication and authorization attacks due to incorrect validation processing in Netserver. The root cause is improper validation handling, enabling a malicious actor to bypass authority restrictions o...

5.4CVSS7AI score0.00217EPSS
CVE
CVE
added 2022/12/22 8:20 p.m.82 views

CVE-2022-43857

IBM Navigator for i versions 7.3–7.5 is vulnerable to an information-disclosure issue where an authenticated user can bypass interface checks and download log files by modifying the servlet filter. Affected products: IBM Navigator for i 7.3/7.4/7.5. Root cause: bypass of interface checks via serv...

4.3CVSS4.7AI score0.00989EPSS
CVE
CVE
added 2022/12/22 8:53 p.m.82 views

CVE-2022-43860

IBM Navigator for i (IBM i) versions 7.3–7.5 are affected by CVE-2022-43860 due to an authenticated SQL injection that could disclose user profile attributes via the Navigator interface. The issue affects the IBM HTTP Server for i group PTFs and is remediated by applying the corresponding PTFs: 7...

4.3CVSS5.1AI score0.00474EPSS
CVE
CVE
added 2023/10/29 12:58 a.m.80 views

CVE-2023-40686

CVE-2023-40686 is a local privilege escalation in IBM i Navigator's Management Central. A malicious actor with OS command-line access can elevate privileges to gain component access to the operating system. Affected products are IBM i releases 7.2, 7.3, 7.4, and 7.5; the issue is associated with ...

7.8CVSS6.5AI score0.00145EPSS
CVE
CVE
added 2022/12/22 8:34 p.m.79 views

CVE-2022-43858

CVE-2022-43858 affects IBM Navigator for i versions 7.3, 7.4, and 7.5. An authenticated user can bypass interface checks by modifying a parameter, gaining access to their authorized file-system content through the Navigator interface (i.e., download files they are allowed to view). The Red Hat/RH...

4.3CVSS4.7AI score0.00989EPSS
CVE
CVE
added 2024/07/08 1:12 a.m.79 views

CVE-2024-38330

IBM System Management for i versions 7.2, 7.3, and 7.4 are affected by a local privilege-escalation due to an unqualified library program call. A local user could cause user-controlled code to run with administrator privileges. The Red Hat-IR-IBM bulletin and IBM X-Force entry confirm the vulnera...

7.8CVSS7AI score0.00258EPSS
CVE
CVE
added 2024/06/07 1:21 p.m.78 views

CVE-2024-31878

IBM i Service Tools Server (SST) on IBM i versions 7.2–7.5 is affected by a vulnerability that allows remote user enumeration, enabling an attacker to gather SST user information for targeted attacks. Root cause: SST user profile enumeration via SST endpoints. Impact is listed as confidentiality ...

5.3CVSS5.1AI score0.00447EPSS
CVE
CVE
added 2022/12/22 8:41 p.m.77 views

CVE-2022-43859

IBM Navigator for i versions 7.3–7.5 are affected by CVE-2022-43859. An authenticated user could exploit a UNION-based SQL injection in the Navigator interface to view file permissions for objects they are authorized to access. Root cause: insufficient input validation allowing SQL injection via ...

6.3CVSS5AI score0.00579EPSS
CVE
CVE
added 2024/12/21 1:46 p.m.77 views

CVE-2024-51463

CVE-2024-51463 affects IBM i releases 7.3, 7.4, and 7.5. The issue is a server-side request forgery (SSRF) in IBM Navigator for i, enabling an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration or related attacks. The root cause and exac...

5.4CVSS5.5AI score0.00871EPSS
CVE
CVE
added 2022/07/13 4:40 p.m.75 views

CVE-2022-34358

CVE-2022-34358 affects IBM i 7.2–7.5, with a cross-site scripting flaw in the Web UI (Digital Certificate Manager) due to insufficient input validation, enabling arbitrary JavaScript in a trusted session. CVSSv3.1 base score 5.4. Remediation per IBM bulletin: apply PTF fixes to IBM i releases 7.2...

5.4CVSS5.2AI score0.00467EPSS
CVE
CVE
added 2023/05/04 1:32 p.m.72 views

CVE-2023-23470

CVE-2023-23470 affects IBM i versions 7.2–7.5. An authenticated privileged administrator could gain elevated privileges due to improper SQL processing via a specially crafted SQL operation in non-default configurations. Reported impact: C/H I/H A/H with CVSS v3.1 base score 7.2 (PR:H, UI:N, AV:N)...

7.2CVSS6.8AI score0.00513EPSS
CVE
CVE
added 2024/06/21 9:39 a.m.72 views

CVE-2024-31890

IBM i 7.3–7.5 are affected by CVE-2024-31890 due to a local privilege escalation in the IBM TCP/IP Connectivity Utilities for i. A local attacker with command-line access can escalate privileges to root on the host OS. Affected versions: IBM i 7.3, 7.4, 7.5. Remediation: apply IBM i PTFs SJ00680 ...

7.8CVSS8AI score0.00171EPSS
CVE
CVE
added 2024/04/28 12:16 p.m.71 views

CVE-2024-25050

CVE-2024-25050 affects IBM i versions 7.2–7.5 and IBM Rational Development Studio for i versions 7.2–7.5. The root cause is an unqualified library call in the networking and compiler infrastructure, allowing a local user to execute user-controlled code with elevated (administrator) privileges. Im...

8.4CVSS6.6AI score0.0026EPSS
CVE
CVE
added 2024/06/15 1:49 p.m.71 views

CVE-2024-27275

CVE-2024-27275 affects IBM i versions 7.2–7.5 and describes a local privilege escalation caused by an insufficient authority requirement. A local user without administrator privileges can configure a physical file trigger in Db2 for IBM i, causing the trigger to execute with the privileges of a t...

7.8CVSS7.3AI score0.00155EPSS
CVE
CVE
added 2025/01/03 10:27 p.m.71 views

CVE-2024-55896

CVE-2024-55896 affects IBM PowerHA SystemMirror for IBM i, versions 7.4 and 7.5. The issue is improper restrictions when rendering content via iFrames, potentially allowing an attacker to gain improper access and perform unauthorized actions on the system. IBM’s bulletin lists fix actions: apply ...

5.4CVSS5.7AI score0.00219EPSS
CVE
CVE
added 2025/04/17 5:10 p.m.71 views

CVE-2025-2947

CVE-2025-2947 affects IBM i 7.6 and describes a privilege-escalation vulnerability caused by incorrect profile swapping in an OS command, enabling a malicious actor to gain root access. The issue is confirmed across multiple feeds (NVD, Red Hat, CVE listing) with a CVSSv3 base score of 7.2 (netwo...

9.8CVSS7.3AI score0.00388EPSS
CVE
CVE
added 2023/12/25 2:2 a.m.70 views

CVE-2023-43064

CVE-2023-43064 affects IBM i Facsimile Support for i versions 7.2–7.5. A local user could gain elevated privileges due to an unqualified library call, potentially allowing arbitrary code execution with the invoking user’s privileges. The Red Hat/IBM bulletin confirms affected IBM i releases 7.2, ...

7.8CVSS7.4AI score0.00171EPSS
CVE
CVE
added 2024/12/21 1:44 p.m.70 views

CVE-2024-51464

IBM i versions 7.3, 7.4, and 7.5 are affected by CVE-2024-51464, a vulnerability that allows bypassing Navigator for i interface restrictions. An authenticated attacker can send a specially crafted request to remotely perform actions the user is not allowed to perform through Navigator for i. The...

4.3CVSS4.5AI score0.01445EPSS
CVE
CVE
added 2024/06/15 1:47 p.m.66 views

CVE-2024-31870

CVE-2024-31870 affects IBM Db2 for i versions 7.2–7.5. A vulnerability in a user defined table function allows a local authenticated attacker to enumerate user profiles without authority to related *USRPRF objects, enabling information disclosure about users. The CVSS base score is 3.3 (LOW) with...

3.3CVSS3.5AI score0.00171EPSS
CVE
CVE
added 2025/02/14 2:36 p.m.66 views

CVE-2024-52895

CVE-2024-52895 affects IBM i 7.4, 7.5 (and 7.6 per IBM bulletin). The issue is a vulnerability where a bypass of a database capabilities restriction check allows a privileged attacker to remove or alter database infrastructure files, leading to a denial of service and possible incorrect behavior ...

6.5CVSS6.4AI score0.00392EPSS
CVE
CVE
added 2023/07/16 10:37 p.m.65 views

CVE-2023-30988

The CVE-2023-30988 relates to IBM i Facsimile Support for i on IBM i 7.2–7.5, where a local privilege escalation allows a user with OS-level command-line access to obtain root privileges. Affected products and versions: IBM i 7.2, 7.3, 7.4, 7.5 with Facsimile Support for i. Root cause: local priv...

8.4CVSS8.2AI score0.00162EPSS
CVE
CVE
added 2014/01/02 11:0 a.m.64 views

CVE-2013-5385

The CVE-2013-5385 issue concerns OSPFv2 on IBM System Networking NOS (and related IBM i platforms) where OSPFv2 LSA type 1 packets are not properly validated before LSA-database operations. IBM and related advisories describe that remote attackers could trigger routing disruption or leak sensitiv...

8.5CVSS6.2AI score0.03468EPSS
CVE
CVE
added 2022/01/13 6:5 p.m.60 views

CVE-2021-39056

The CVE-2021-39056 vulnerability affects the IBM i Extended Dynamic Remote SQL server (EDRSQL) on IBM i versions 7.1–7.4. A remote authenticated user can send a specially crafted request to cause a denial of service. Root cause details in the IBM bulletin align with EDRSQL handling of crafted req...

6.5CVSS6.5AI score0.01311EPSS
CVE
CVE
added 2025/04/18 2:50 p.m.60 views

CVE-2025-2950

IBM i (versions 7.3, 7.4, 7.5, and 7.6) is affected by a host header injection vulnerability due to improper neutralization of HTTP header content in IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to alter the domain/IP, potentially causing unexpected b...

5.4CVSS5.5AI score0.00271EPSS
CVE
CVE
added 2017/07/31 9:0 p.m.58 views

CVE-2017-1460

IBM i OSPF on versions 6.1, 7.1, 7.2, and 7.3 is affected by CVE-2017-1460 due to a rogue router spoofing origin, which leaves the LSA database incomplete and may cause loss of connectivity. IBM provides fixes via PTFs SI64413 (6.1), SI64412 (7.1), SI64411 (7.2), and SI64350 (7.3); affected relea...

7.5CVSS7.2AI score0.01371EPSS
CVE
CVE
added 2024/12/18 10:53 a.m.58 views

CVE-2024-47104

CVE-2024-47104 affects IBM i 7.4 and 7.5. An authenticated user with view authority can elevate privileges by altering the based-on physical file security attributes without object management rights, enabling actions restricted by their view privileges. IBM reports remediation via PTFs: 7.5 SF999...

6.8CVSS6.5AI score0.00329EPSS
CVE
CVE
added 2019/08/29 3:0 p.m.56 views

CVE-2019-4536

IBM i 7.4 configured with Db2 Mirror for i may be affected. During a Restore User Profile (RSTUSRPRF) on systems with Db2 Mirror, incorrect processing of a multi-profile restore could leave some user profiles with elevated privileges, enabling privilege escalation on the restored system. Remediat...

6.7CVSS6.1AI score0.00275EPSS
CVE
CVE
added 2020/05/17 2:0 p.m.56 views

CVE-2020-4345

CVE-2020-4345 affects IBM i 7.2, 7.3, and 7.4 where under specific circumstances, complex SQL statements may allow a local user to access sensitive information. The IBM i vulnerability details specify the affected releases and confirm the root cause as an information disclosure resulting from cer...

3.3CVSS3.9AI score0.00327EPSS
CVE
CVE
added 2023/07/16 10:40 p.m.56 views

CVE-2023-30989

CVE-2023-30989 affects IBM Performance Tools for IBM i (versions 7.2–7.5). The vulnerability is a local privilege escalation where a user with command-line access can elevate privileges to gain full host object access. Root cause details indicate a privilege escalation path within IBM i component...

8.4CVSS8.2AI score0.00162EPSS
CVE
CVE
added 2023/08/14 5:25 p.m.55 views

CVE-2023-38721

The CVE-2023-38721 vulnerability affects IBM i Facsimile Support for i on IBM i versions 7.2–7.5. The issue is a local privilege escalation that could let an attacker obtain a command line with root-level access to the host OS. Remediation is available via IBM i PTF SI84228 for all affected relea...

8.4CVSS8.2AI score0.00162EPSS
CVE
CVE
added 2023/12/18 7:9 p.m.55 views

CVE-2023-47741

CVE-2023-47741 affects IBM Db2 Mirror for i web browser clients and IBM i web browser clients on IBM i 7.3–7.5 (and Db2 Mirror for i 7.4–7.5). The issue allows clear-text passwords to linger in browser memory and be viewable via tools before garbage collection, potentially enabling an attacker wi...

5.3CVSS5.3AI score0.00333EPSS
CVE
CVE
added 2019/01/31 4:0 p.m.53 views

CVE-2019-4040

This CVE affects IBM i 7.2 and 7.3 as used by IBM Navigator for i. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. A remediation is available: apply I...

6.1CVSS5.8AI score0.01325EPSS
CVE
CVE
added 2025/06/14 12:25 a.m.53 views

CVE-2025-33108

CVE-2025-33108 affects IBM Backup, Recovery and Media Services for i versions 7.4 and 7.5. A BRMS program calling an unqualified library can allow a user with the capability to compile or restore a program to execute user-controlled code with host OS component access, enabling elevated privileges...

8.8CVSS8.6AI score0.00545EPSS
CVE
CVE
added 2025/05/17 4:2 p.m.51 views

CVE-2025-33103

CVE-2025-33103 describes a privilege-escalation in IBM i’s IBM TCP/IP Connectivity Utilities for i affecting IBM i releases 7.2–7.6. A malicious actor with command-line access to the host OS can elevate privileges to root. Public documents confirm the affected product and root-cause (privilege es...

8.8CVSS8.9AI score0.00359EPSS
CVE
CVE
added 2021/04/21 12:5 p.m.50 views

CVE-2021-20501

CVE-2021-20501 affects IBM i SMTP on IBM i releases 7.1–7.4. The issue allows a network attacker to abuse non-default configuration to deliver email to non-existent local-domain recipients, consuming bandwidth and disk space and enabling spam. The underlying cause is in IBM i SMTP configuration. ...

8.2CVSS7.8AI score0.01338EPSS
CVE
CVE
added 2021/12/30 5:10 p.m.49 views

CVE-2021-38876

CVE-2021-38876 affects IBM i 7.2, 7.3, and 7.4. A cross-site scripting vulnerability in the IBM Navigator for i Web UI could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is addressed by IBM with platform-specifi...

6.1CVSS5.8AI score0.00632EPSS
Total number of security vulnerabilities64