
CVE-2023-38721 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-38721
14 Aug 2023 — The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262173 • CWE-269: Improper Privilege Management

CVE-2023-30989 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30989
16 Jul 2023 — IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254017 • CWE-269: Improper Privilege Management

CVE-2023-30988 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30988
16 Jul 2023 — The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254016 • CWE-269: Improper Privilege Management

CVE-2023-30990 – IBM i command execution
https://notcve.org/view.php?id=CVE-2023-30990
03 Jul 2023 — IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254036 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-23470 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-23470
04 May 2023 — IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-34358
https://notcve.org/view.php?id=CVE-2022-34358
13 Jul 2022 — IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-22481
https://notcve.org/view.php?id=CVE-2022-22481
09 May 2022 — IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225899

CVE-2021-39056
https://notcve.org/view.php?id=CVE-2021-39056
13 Jan 2022 — The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214537

CVE-2021-38876
https://notcve.org/view.php?id=CVE-2021-38876
30 Dec 2021 — IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-20501
https://notcve.org/view.php?id=CVE-2021-20501
21 Apr 2021 — IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198056