
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jun 2024 — IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 • CWE-264: Permissions, Privileges, and Access Controls; CWE-287: Improper Authentication

CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Jun 2024 — IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies a user-defined table function that is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287174 • CWE-204: Observable Response Discrepancy

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

07 Jun 2024 — IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 • CWE-203: Observable Discrepancy

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284563 • CWE-269: Improper Privilege Management; CWE-276: Incorrect Default Permissions; CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 May 2024 — IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. • https://exchange.xforce.ibmcloud.com/vulnerabilities/287539 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Apr 2024 — IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283242 • CWE-427: Uncontrolled Search Path Element

CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Mar 2024 — Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280203 • CWE-264: Permissions, Privileges, and Access Controls; CWE-427: Uncontrolled Search Path Element

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

09 Feb 2024 — IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC-capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. • https://packetstorm.news/files/id/177069 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-384: Session Fixation

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Dec 2023 — Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267689 • CWE-427: Uncontrolled Search Path Element

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

18 Dec 2023 — IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. • https://www.ibm.com/support/pages/node/7097785 • CWE-522: Insufficiently Protected Credentials