64 matches found
CVE-2019-4450
CVE-2019-4450 affects IBM i 7.2, 7.3, and 7.4 for i via IBM Navigator for i. The issue is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM IBM i has addressed ...
CVE-2024-31879
CVE-2024-31879 affects IBM i 7.2–7.4. The issue arises from deserialization of untrusted data in Management Central, allowing a remote attacker to execute arbitrary code and cause denial of service of network ports. Affected products and versions are IBM i 7.2, 7.3, and 7.4. Remediation is availa...
CVE-2023-40378
CVE-2023-40378 – IBM i Local Privilege Escalation : The vulnerability is in IBM Directory Server for IBM i and allows a user with host OS command-line access to escalate privileges and gain component access. Red Hat/IBM bulletin details identify the affected IBM i releases as 7.2–7.5 and describe...
CVE-2023-30990
CVE-2023-30990 affects IBM i 7.2–7.5. The flaw allows a remote attacker to execute CL commands as QUSER due to exploitation of the DDM architecture, with impact on confidentiality, integrity, and availability noted in the CVSS metrics. IBM documents that the vulnerability is fixed by applying PTF...
CVE-2023-40375
CVE-2023-40375 concerns the Integrated application server for IBM i, affecting IBM i versions 7.2–7.5. The Red Hat/IBM bulletin and IBM i security pages describe a local privilege escalation vulnerability: a user with command-line access to the host OS can elevate privileges to root. Root cause i...
CVE-2019-4381
CVE-2019-4381 affects IBM i clustering (IBM i 7.x) where the REST API interfacing with the HMC via advanced node failure detection can leak HMC credentials to a local attacker. Affected releases include IBM i 7.2–7.4; IBM’s bulletin lists a base score of 5.9 (CVSSv3) with local access, high impac...
CVE-2022-22495
CVE-2022-22495 affects IBM i versions 7.3, 7.4, and 7.5 (IBM Navigator for i). The vulnerability is an SQL injection caused by insufficient validation of external input, enabling a remote attacker to view, add, modify, or delete data in the back-end database. The impact is described as high for c...
CVE-2023-40377
CVE-2023-40377 affects IBM i BRMS (Backup, Recovery, and Media Services) for IBM i versions 7.2, 7.3, and 7.4, creating a local privilege escalation when an attacker has command-line access to the host OS. The Red Hat/IBM bulletin confirms the vulnerability and lists the affected releases, noting...
CVE-2024-22346
CVE-2024-22346 affects IBM i environments running Db2 for IBM i (versions 7.2–7.5). The underlying issue is an unqualified library call in Db2 for IBM i infrastructure that could allow a local user to gain elevated privileges, enabling user-controlled code to run with administrator privileges. Th...
CVE-2022-22481
The CVE-2022-22481 issue affects IBM Navigator for i (heritage version) on IBM i 7.2, 7.3 and 7.4. A vulnerability in access control allows a remote attacker to access the web interface without valid credentials by modifying the sign-on request, providing visibility into the system’s fully qualif...
CVE-2024-35122
IBM i 7.2–7.5 are affected by CVE-2024-35122, a file-level local DoS due to insufficient authority (CWE-284). A local non-privileged user can configure a referential constraint with the privileges of another user to access a target file. Root cause: improper access control; impact: low (local, av...
CVE-2024-27264
CVE-2024-27264 affects IBM i Performance Tools for i versions 7.2–7.5. Affected component: unqualified library call in the IBM Performance Tools for i space, enabling a local user to gain elevated privileges by running user-controlled code with administrator privileges. Root cause described as an...
CVE-2024-55898
CVE-2024-55898 – IBM i privilege escalation . Affected product: IBM i versions 7.2, 7.3, 7.4, and 7.5. The issue arises from an unqualified library call (CWE-427) that could allow a user with the capability to compile or restore a program to execute user-controlled code with administrator privile...
CVE-2023-40685
CVE-2023-40685 relates to a local privilege escalation in IBM i 7.2–7.5 when using Management Central within IBM Navigator. The Root Cause is a privilege-management flaw in Management Central that allows a user with command-line access to elevate to root. Affected products/versions: IBM i 7.2, 7....
CVE-2025-3218
The CVE-2025-3218 entry pertains to IBM i Netserver: IBM i versions 7.2–7.6 are vulnerable to authentication and authorization attacks due to incorrect validation processing in Netserver. The root cause is improper validation handling, enabling a malicious actor to bypass authority restrictions o...
CVE-2022-43857
IBM Navigator for i versions 7.3–7.5 is vulnerable to an information-disclosure issue where an authenticated user can bypass interface checks and download log files by modifying the servlet filter. Affected products: IBM Navigator for i 7.3/7.4/7.5. Root cause: bypass of interface checks via serv...
CVE-2022-43860
IBM Navigator for i (IBM i) versions 7.3–7.5 are affected by CVE-2022-43860 due to an authenticated SQL injection that could disclose user profile attributes via the Navigator interface. The issue affects the IBM HTTP Server for i group PTFs and is remediated by applying the corresponding PTFs: 7...
CVE-2023-40686
CVE-2023-40686 is a local privilege escalation in IBM i Navigator's Management Central. A malicious actor with OS command-line access can elevate privileges to gain component access to the operating system. Affected products are IBM i releases 7.2, 7.3, 7.4, and 7.5; the issue is associated with ...
CVE-2022-43858
CVE-2022-43858 affects IBM Navigator for i versions 7.3, 7.4, and 7.5. An authenticated user can bypass interface checks by modifying a parameter, gaining access to their authorized file-system content through the Navigator interface (i.e., download files they are allowed to view). The Red Hat/RH...
CVE-2024-38330
IBM System Management for i versions 7.2, 7.3, and 7.4 are affected by a local privilege-escalation due to an unqualified library program call. A local user could cause user-controlled code to run with administrator privileges. The Red Hat-IR-IBM bulletin and IBM X-Force entry confirm the vulnera...
CVE-2024-31878
IBM i Service Tools Server (SST) on IBM i versions 7.2–7.5 is affected by a vulnerability that allows remote user enumeration, enabling an attacker to gather SST user information for targeted attacks. Root cause: SST user profile enumeration via SST endpoints. Impact is listed as confidentiality ...
CVE-2022-43859
IBM Navigator for i versions 7.3–7.5 are affected by CVE-2022-43859. An authenticated user could exploit a UNION-based SQL injection in the Navigator interface to view file permissions for objects they are authorized to access. Root cause: insufficient input validation allowing SQL injection via ...
CVE-2024-51463
CVE-2024-51463 affects IBM i releases 7.3, 7.4, and 7.5. The issue is a server-side request forgery (SSRF) in IBM Navigator for i, enabling an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration or related attacks. The root cause and exac...
CVE-2022-34358
CVE-2022-34358 affects IBM i 7.2–7.5, with a cross-site scripting flaw in the Web UI (Digital Certificate Manager) due to insufficient input validation, enabling arbitrary JavaScript in a trusted session. CVSSv3.1 base score 5.4. Remediation per IBM bulletin: apply PTF fixes to IBM i releases 7.2...
CVE-2023-23470
CVE-2023-23470 affects IBM i versions 7.2–7.5. An authenticated privileged administrator could gain elevated privileges due to improper SQL processing via a specially crafted SQL operation in non-default configurations. Reported impact: C/H I/H A/H with CVSS v3.1 base score 7.2 (PR:H, UI:N, AV:N)...
CVE-2024-31890
IBM i 7.3–7.5 are affected by CVE-2024-31890 due to a local privilege escalation in the IBM TCP/IP Connectivity Utilities for i. A local attacker with command-line access can escalate privileges to root on the host OS. Affected versions: IBM i 7.3, 7.4, 7.5. Remediation: apply IBM i PTFs SJ00680 ...
CVE-2024-25050
CVE-2024-25050 affects IBM i versions 7.2–7.5 and IBM Rational Development Studio for i versions 7.2–7.5. The root cause is an unqualified library call in the networking and compiler infrastructure, allowing a local user to execute user-controlled code with elevated (administrator) privileges. Im...
CVE-2024-27275
CVE-2024-27275 affects IBM i versions 7.2–7.5 and describes a local privilege escalation caused by an insufficient authority requirement. A local user without administrator privileges can configure a physical file trigger in Db2 for IBM i, causing the trigger to execute with the privileges of a t...
CVE-2024-55896
CVE-2024-55896 affects IBM PowerHA SystemMirror for IBM i, versions 7.4 and 7.5. The issue is improper restrictions when rendering content via iFrames, potentially allowing an attacker to gain improper access and perform unauthorized actions on the system. IBM’s bulletin lists fix actions: apply ...
CVE-2025-2947
CVE-2025-2947 affects IBM i 7.6 and describes a privilege-escalation vulnerability caused by incorrect profile swapping in an OS command, enabling a malicious actor to gain root access. The issue is confirmed across multiple feeds (NVD, Red Hat, CVE listing) with a CVSSv3 base score of 7.2 (netwo...
CVE-2023-43064
CVE-2023-43064 affects IBM i Facsimile Support for i versions 7.2–7.5. A local user could gain elevated privileges due to an unqualified library call, potentially allowing arbitrary code execution with the invoking user’s privileges. The Red Hat/IBM bulletin confirms affected IBM i releases 7.2, ...
CVE-2024-51464
IBM i versions 7.3, 7.4, and 7.5 are affected by CVE-2024-51464, a vulnerability that allows bypassing Navigator for i interface restrictions. An authenticated attacker can send a specially crafted request to remotely perform actions the user is not allowed to perform through Navigator for i. The...
CVE-2024-31870
CVE-2024-31870 affects IBM Db2 for i versions 7.2–7.5. A vulnerability in a user defined table function allows a local authenticated attacker to enumerate user profiles without authority to related *USRPRF objects, enabling information disclosure about users. The CVSS base score is 3.3 (LOW) with...
CVE-2024-52895
CVE-2024-52895 affects IBM i 7.4, 7.5 (and 7.6 per IBM bulletin). The issue is a vulnerability where a bypass of a database capabilities restriction check allows a privileged attacker to remove or alter database infrastructure files, leading to a denial of service and possible incorrect behavior ...
CVE-2023-30988
The CVE-2023-30988 relates to IBM i Facsimile Support for i on IBM i 7.2–7.5, where a local privilege escalation allows a user with OS-level command-line access to obtain root privileges. Affected products and versions: IBM i 7.2, 7.3, 7.4, 7.5 with Facsimile Support for i. Root cause: local priv...
CVE-2013-5385
The CVE-2013-5385 issue concerns OSPFv2 on IBM System Networking NOS (and related IBM i platforms) where OSPFv2 LSA type 1 packets are not properly validated before LSA-database operations. IBM and related advisories describe that remote attackers could trigger routing disruption or leak sensitiv...
CVE-2021-39056
The CVE-2021-39056 vulnerability affects the IBM i Extended Dynamic Remote SQL server (EDRSQL) on IBM i versions 7.1–7.4. A remote authenticated user can send a specially crafted request to cause a denial of service. Root cause details in the IBM bulletin align with EDRSQL handling of crafted req...
CVE-2025-2950
IBM i (versions 7.3, 7.4, 7.5, and 7.6) is affected by a host header injection vulnerability due to improper neutralization of HTTP header content in IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to alter the domain/IP, potentially causing unexpected b...
CVE-2017-1460
IBM i OSPF on versions 6.1, 7.1, 7.2, and 7.3 is affected by CVE-2017-1460 due to a rogue router spoofing origin, which leaves the LSA database incomplete and may cause loss of connectivity. IBM provides fixes via PTFs SI64413 (6.1), SI64412 (7.1), SI64411 (7.2), and SI64350 (7.3); affected relea...
CVE-2024-47104
CVE-2024-47104 affects IBM i 7.4 and 7.5. An authenticated user with view authority can elevate privileges by altering the based-on physical file security attributes without object management rights, enabling actions restricted by their view privileges. IBM reports remediation via PTFs: 7.5 SF999...
CVE-2019-4536
IBM i 7.4 configured with Db2 Mirror for i may be affected. During a Restore User Profile (RSTUSRPRF) on systems with Db2 Mirror, incorrect processing of a multi-profile restore could leave some user profiles with elevated privileges, enabling privilege escalation on the restored system. Remediat...
CVE-2020-4345
CVE-2020-4345 affects IBM i 7.2, 7.3, and 7.4 where under specific circumstances, complex SQL statements may allow a local user to access sensitive information. The IBM i vulnerability details specify the affected releases and confirm the root cause as an information disclosure resulting from cer...
CVE-2023-30989
CVE-2023-30989 affects IBM Performance Tools for IBM i (versions 7.2–7.5). The vulnerability is a local privilege escalation where a user with command-line access can elevate privileges to gain full host object access. Root cause details indicate a privilege escalation path within IBM i component...
CVE-2023-38721
The CVE-2023-38721 vulnerability affects IBM i Facsimile Support for i on IBM i versions 7.2–7.5. The issue is a local privilege escalation that could let an attacker obtain a command line with root-level access to the host OS. Remediation is available via IBM i PTF SI84228 for all affected relea...
CVE-2023-47741
CVE-2023-47741 affects IBM Db2 Mirror for i web browser clients and IBM i web browser clients on IBM i 7.3–7.5 (and Db2 Mirror for i 7.4–7.5). The issue allows clear-text passwords to linger in browser memory and be viewable via tools before garbage collection, potentially enabling an attacker wi...
CVE-2019-4040
This CVE affects IBM i 7.2 and 7.3 as used by IBM Navigator for i. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. A remediation is available: apply I...
CVE-2025-33108
CVE-2025-33108 affects IBM Backup, Recovery and Media Services for i versions 7.4 and 7.5. A BRMS program calling an unqualified library can allow a user with the capability to compile or restore a program to execute user-controlled code with host OS component access, enabling elevated privileges...
CVE-2025-33103
CVE-2025-33103 describes a privilege-escalation in IBM i’s IBM TCP/IP Connectivity Utilities for i affecting IBM i releases 7.2–7.6. A malicious actor with command-line access to the host OS can elevate privileges to root. Public documents confirm the affected product and root-cause (privilege es...
CVE-2021-20501
CVE-2021-20501 affects IBM i SMTP on IBM i releases 7.1–7.4. The issue allows a network attacker to abuse non-default configuration to deliver email to non-existent local-domain recipients, consuming bandwidth and disk space and enabling spam. The underlying cause is in IBM i SMTP configuration. ...
CVE-2021-38876
CVE-2021-38876 affects IBM i 7.2, 7.3, and 7.4. A cross-site scripting vulnerability in the IBM Navigator for i Web UI could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is addressed by IBM with platform-specifi...