Vulnerabilities > IBM > I > 7.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-16 | CVE-2023-30989 | Unspecified vulnerability in IBM I IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. | 7.8 |
2023-07-04 | CVE-2023-30990 | Code Injection vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. | 9.8 |
2023-05-04 | CVE-2023-23470 | SQL Injection vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. | 7.2 |
2022-05-09 | CVE-2022-22481 | Unspecified vulnerability in IBM I 7.2/7.3/7.4 IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. | 5.3 |
2022-01-13 | CVE-2021-39056 | Unspecified vulnerability in IBM I The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. | 4.0 |
2021-12-30 | CVE-2021-38876 | Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4 IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. | 4.3 |
2021-04-21 | CVE-2021-20501 | Unspecified vulnerability in IBM I IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. | 6.4 |
2020-05-17 | CVE-2020-4345 | SQL Injection vulnerability in IBM I 7.2/7.3/7.4 IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. | 1.9 |
2019-11-09 | CVE-2019-4450 | Cross-site Scripting vulnerability in IBM I 7.2/7.3/7.4 IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. | 4.3 |
2019-06-14 | CVE-2019-4381 | Credentials Management vulnerability in IBM I 7.2/7.3 IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. | 5.5 |