CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31878 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2024-31878
07 Jun 2024 — IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. IBM i 7.2, 7.3, 7.4 y 7.5 Service Tools Server (SST) es vulnerable a la enumeración de usuarios de SST por parte de un atacante remoto. Esta vulnerabilidad puede ser utilizada por un actor malintencionado para recopilar información sobre los... • https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 • CWE-203: Observable Discrepancy •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22346 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-22346
14 Mar 2024 — Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. Db2 para la infraestructura IBM i 7.2, 7.3, 7.4 y 7.5 podría permitir que un usuario local obtenga privilegios elevados debido a una llamada de biblioteca no calificada. Un actor malintencionado podría provocar que el código controlado por el usuario se ejecu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/280203 • CWE-264: Permissions, Privileges, and Access Controls CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43064 – IBM i code execution
https://notcve.org/view.php?id=CVE-2023-43064
25 Dec 2023 — Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. Facsimile Support para IBM i 7.2, 7.3, 7.4 y 7.5 podría permitir que un usuario local obtenga privilegios elevados debido a una llamada de librería no calificada. Un actor malintencionado podría provocar que se ejecutara código arbit... • https://exchange.xforce.ibmcloud.com/vulnerabilities/267689 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47741 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2023-47741
18 Dec 2023 — IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. Los clientes de navegador web IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror para i 7.4 y 7.5 pueden dejar contraseñas de texto plano en la memoria del navega... • https://www.ibm.com/support/pages/node/7097785 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42006 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2023-42006
01 Dec 2023 — IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266. IBM Administration Runtime Expert para i 7.2, 7.3, 7.4 y 7.5 podría permitir a un usuario local obtener información confidencial causada por comprobaciones de autoridad inadecuadas. ID de IBM X-Force: 265266. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265266 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40685 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40685
29 Oct 2023 — Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. Management Central como parte de IBM i 7.2, 7.3, 7.4 y 7.5 Navigator contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del sistema... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264116 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40686 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40686
29 Oct 2023 — Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. Management Central como parte de IBM i 7.2, 7.3, 7.4 y 7.5 Navigator contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del si... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264114 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40378 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40378
15 Oct 2023 — IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584. IBM Directory Server para IBM i contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso a los componentes del sis... • https://exchange.xforce.ibmcloud.com/vulnerabilities/263584 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40375 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-40375
28 Sep 2023 — Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la línea de comandos del sistema operativo host puede elev... • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/263580 • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38721 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2023-38721
14 Aug 2023 — The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262173 • CWE-269: Improper Privilege Management •