I@7.4 Security Vulnerabilities and Issues — I@7.4 CVE List

Lucene search

IbmI7.4

11 matches found

CVE•added 2024/05/18 4:15 p.m.•106 views

CVE-2024-31879

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.

7.5CVSS7.8AI score0.00384EPSS

CVE•added 2024/03/14 7:15 p.m.•80 views

CVE-2024-22346

Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.

8.4CVSS8AI score0.00028EPSS

CVE•added 2024/05/22 8:15 p.m.•64 views

CVE-2024-27264

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

7.8CVSS7.5AI score0.00042EPSS

CVE•added 2024/07/08 2:15 a.m.•61 views

CVE-2024-38330

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.

7.8CVSS7AI score0.00006EPSS

CVE•added 2024/12/21 2:15 p.m.•60 views

CVE-2024-51463

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

5.4CVSS5.5AI score0.004EPSS

CVE•added 2024/06/15 2:15 p.m.•52 views

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file...

7.8CVSS7.4AI score0.00017EPSS

CVE•added 2024/12/21 2:15 p.m.•51 views

CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

4.3CVSS4.5AI score0.00539EPSS

CVE•added 2024/06/21 10:15 a.m.•50 views

CVE-2024-31890

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.

7.8CVSS8AI score0.00021EPSS

CVE•added 2024/06/07 2:15 p.m.•49 views

CVE-2024-31878

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

5.3CVSS5.1AI score0.00058EPSS

CVE•added 2024/06/15 2:15 p.m.•48 views

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in fur...

3.3CVSS3.5AI score0.00033EPSS

CVE•added 2024/12/18 11:15 a.m.•46 views

CVE-2024-47104

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privi...

6.8CVSS6.5AI score0.00038EPSS