I Security Vulnerabilities and Issues — I CVE List

Lucene search

IbmI

9 matches found

CVE•added 2019/06/14 3:29 p.m.•79 views

CVE-2019-4381

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.

5.9CVSS5.1AI score0.00131EPSS

CVE•added 2022/05/09 5:15 p.m.•67 views

CVE-2022-22481

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks p...

5.3CVSS5.2AI score0.00172EPSS

CVE•added 2024/12/21 2:15 p.m.•60 views

CVE-2024-51463

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

5.4CVSS5.5AI score0.00448EPSS

CVE•added 2022/07/13 5:15 p.m.•58 views

CVE-2022-34358

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516.

5.4CVSS5.2AI score0.00123EPSS

CVE•added 2025/05/07 2:15 a.m.•56 views

CVE-2025-3218

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access th...

5.4CVSS7AI score0.00046EPSS

CVE•added 2025/01/03 11:15 p.m.•54 views

CVE-2024-55896

IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.

5.4CVSS5.7AI score0.00032EPSS

CVE•added 2024/06/07 2:15 p.m.•49 views

CVE-2024-31878

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

5.3CVSS5.1AI score0.00058EPSS

CVE•added 2023/12/18 8:15 p.m.•41 views

CVE-2023-47741

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gai...

5.3CVSS5.3AI score0.00037EPSS

CVE•added 2025/04/18 3:15 p.m.•38 views

CVE-2025-2950

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.

5.4CVSS5.5AI score0.00038EPSS