Vulnerabilities > IBM > I > 7.4

DATE CVE VULNERABILITY TITLE RISK
2023-07-16 CVE-2023-30988 Unspecified vulnerability in IBM I
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-07-16 CVE-2023-30989 Unspecified vulnerability in IBM I
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-07-04 CVE-2023-30990 Code Injection vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture.
network
low complexity
ibm CWE-94
critical
 9.8
9.8
2023-05-04 CVE-2023-23470 SQL Injection vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing.
network
low complexity
ibm CWE-89
7.2
7.2
2022-12-24 CVE-2022-43860 SQL Injection vulnerability in IBM I 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface.
network
low complexity
ibm CWE-89
4.3
4.3
2022-12-22 CVE-2022-43857 Path Traversal vulnerability in IBM I 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface.
network
low complexity
ibm CWE-22
4.3
4.3
2022-12-22 CVE-2022-43858 Path Traversal vulnerability in IBM I 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface.
network
low complexity
ibm CWE-22
4.3
4.3
2022-12-22 CVE-2022-43859 SQL Injection vulnerability in IBM I 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface.
network
low complexity
ibm CWE-89
4.3
4.3
2022-05-24 CVE-2022-22495 SQL Injection vulnerability in IBM I 7.3/7.4/7.5
IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
6.5
2022-05-09 CVE-2022-22481 Unspecified vulnerability in IBM I 7.2/7.3/7.4
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials.
network
low complexity
ibm
5.3
5.3