Vulnerabilities > IBM > I
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-08 | CVE-2024-38330 | Uncontrolled Search Path Element vulnerability in IBM I 7.2/7.3/7.4 IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. | 7.8 |
| 2024-06-15 | CVE-2024-27275 | Improper Authentication vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. | 7.8 |
| 2024-06-15 | CVE-2024-31870 | Information Exposure Through Discrepancy vulnerability in IBM I IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. | 3.3 |
| 2024-06-07 | CVE-2024-31878 | Information Exposure Through Discrepancy vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. | 5.3 |
| 2024-03-14 | CVE-2024-22346 | Uncontrolled Search Path Element vulnerability in IBM I Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. | 7.8 |
| 2023-12-25 | CVE-2023-43064 | Uncontrolled Search Path Element vulnerability in IBM I Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. | 7.8 |
| 2023-12-18 | CVE-2023-47741 | Insufficiently Protected Credentials vulnerability in IBM DB2 Mirror for I and I IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. | 5.3 |
| 2023-12-01 | CVE-2023-42006 | Incorrect Authorization vulnerability in IBM I IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. | 5.5 |
| 2023-10-29 | CVE-2023-40685 | Improper Privilege Management vulnerability in IBM I Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. | 7.8 |
| 2023-10-29 | CVE-2023-40686 | Improper Privilege Management vulnerability in IBM I Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. | 7.8 |