
CVE-2024-55898 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-55898
24 Feb 2025 — IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. • https://www.ibm.com/support/pages/node/7183835 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-52895 – IBM i denial of service
https://notcve.org/view.php?id=CVE-2024-52895
14 Feb 2025 — IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database. • https://www.ibm.com/support/pages/node/7183052 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2024-35122 – IBM i denial of service
https://notcve.org/view.php?id=CVE-2024-35122
24 Jan 2025 — IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. • https://www.ibm.com/support/pages/node/7178317 • CWE-284: Improper Access Control •

CVE-2024-55897 – IBM PowerHA SystemMirror for i information disclosure
https://notcve.org/view.php?id=CVE-2024-55897
03 Jan 2025 — IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7180036 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVE-2024-55896 – IBM PowerHA SystemMirror for i clickjacking
https://notcve.org/view.php?id=CVE-2024-55896
03 Jan 2025 — IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. • https://www.ibm.com/support/pages/node/7180036 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2024-51463 – IBM i server-side request forgery
https://notcve.org/view.php?id=CVE-2024-51463
21 Dec 2024 — IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM i's Navigator is vulnerable to server side request forgery (SSRF). Versions 7.3, 7.4 and 7.5 are susceptibl... • https://packetstorm.news/files/id/183303 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-51464 – IBM i authentication bypass
https://notcve.org/view.php?id=CVE-2024-51464
21 Dec 2024 — IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. • https://packetstorm.news/files/id/183304 • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVE-2024-47104 – IBM i incorrect privilege assignment
https://notcve.org/view.php?id=CVE-2024-47104
18 Dec 2024 — IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. • https://www.ibm.com/support/pages/node/7179158 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-38330 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-38330
08 Jul 2024 — IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295227 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-31890 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-31890
21 Jun 2024 — IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288171 • CWE-250: Execution with Unnecessary Privileges •