CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38721 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-38721
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262173 https://www.ibm.com/support/pages/node/7023423 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30989 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30989
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254017 https://www.ibm.com/support/pages/node/7012353 • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30988 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-30988
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254016 https://www.ibm.com/support/pages/node/7012355 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-30990 – IBM i command execution
https://notcve.org/view.php?id=CVE-2023-30990
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254036 https://www.ibm.com/support/pages/node/7008573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •