Vulnerabilities > IBM > I > 7.2

DATE CVE VULNERABILITY TITLE RISK
2023-07-16 CVE-2023-30989 Unspecified vulnerability in IBM I
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-07-04 CVE-2023-30990 Code Injection vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture.
network
low complexity
ibm CWE-94
critical
 9.8
9.8
2023-05-04 CVE-2023-23470 SQL Injection vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing.
network
low complexity
ibm CWE-89
7.2
7.2
2022-05-09 CVE-2022-22481 Unspecified vulnerability in IBM I 7.2/7.3/7.4
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials.
network
low complexity
ibm
5.3
5.3
2022-01-13 CVE-2021-39056 Unspecified vulnerability in IBM I
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service.
network
low complexity
ibm
4.0
4.0
2021-12-30 CVE-2021-38876 Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2021-04-21 CVE-2021-20501 Unspecified vulnerability in IBM I
IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration.
network
low complexity
ibm
6.4
6.4
2020-05-17 CVE-2020-4345 SQL Injection vulnerability in IBM I 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to.
local
ibm CWE-89
1.9
1.9
2019-11-09 CVE-2019-4450 Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4
IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2019-06-14 CVE-2019-4381 Credentials Management vulnerability in IBM I 7.2/7.3
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC.
local
low complexity
ibm CWE-255
5.5
5.5