Vulnerabilities > IBM > I

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-40377 Unspecified vulnerability in IBM I 7.2/7.3/7.4
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-10-15 CVE-2023-40378 Unspecified vulnerability in IBM I
IBM Directory Server for IBM i contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-09-28 CVE-2023-40375 Improper Privilege Management vulnerability in IBM I
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm CWE-269
7.8
7.8
2023-08-14 CVE-2023-38721 Unspecified vulnerability in IBM I
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-07-16 CVE-2023-30988 Unspecified vulnerability in IBM I
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-07-16 CVE-2023-30989 Unspecified vulnerability in IBM I
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability.
local
low complexity
ibm
7.8
7.8
2023-07-04 CVE-2023-30990 Code Injection vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture.
network
low complexity
ibm CWE-94
critical
 9.8
9.8
2023-05-04 CVE-2023-23470 SQL Injection vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing.
network
low complexity
ibm CWE-89
7.2
7.2
2022-12-24 CVE-2022-43860 SQL Injection vulnerability in IBM I 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface.
network
low complexity
ibm CWE-89
4.3
4.3
2022-12-22 CVE-2022-43857 Path Traversal vulnerability in IBM I 7.3/7.4/7.5
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface.
network
low complexity
ibm CWE-22
4.3
4.3