Lucene search

IbmI

8 matches found

CVE
added 2019/11/09 2:15 a.m., 139 views

CVE-2019-4450

IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492.

CVSS 6.1, AI score 5.8, EPSS 0.00329

CVE
added 2022/12/22 9:15 p.m., 59 views

CVE-2022-43859

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 2...

CVSS 6.3, AI score 5, EPSS 0.00027

CVE
added 2024/12/18 11:15 a.m., 46 views

CVE-2024-47104

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privi...

CVSS 6.8, AI score 6.5, EPSS 0.00038

CVE
added 2025/02/14 3:15 p.m., 46 views

CVE-2024-52895

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the databas...

CVSS 6.5, AI score 6.4, EPSS 0.00074

CVE
added 2019/08/29 3:15 p.m., 42 views

CVE-2019-4536

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this...

CVSS 6.7, AI score 6.1, EPSS 0.0004

CVE
added 2022/01/13 6:15 p.m., 40 views

CVE-2021-39056

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.

CVSS 6.5, AI score 6.5, EPSS 0.00278

CVE
added 2019/01/31 4:0 p.m., 33 views

CVE-2019-4040

IBM i 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164.

CVSS 6.1, AI score 5.8, EPSS 0.00239

CVE
added 2021/12/30 5:15 p.m., 33 views

CVE-2021-38876

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.

CVSS 6.1, AI score 5.8, EPSS 0.00225