Vulnerabilities > IBM > I > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-07 | CVE-2024-31878 | Information Exposure Through Discrepancy vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. | 5.3 |
| 2023-12-18 | CVE-2023-47741 | Insufficiently Protected Credentials vulnerability in IBM DB2 Mirror for I and I IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. | 5.3 |
| 2023-12-01 | CVE-2023-42006 | Incorrect Authorization vulnerability in IBM I IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. | 5.5 |
| 2022-12-24 | CVE-2022-43860 | SQL Injection vulnerability in IBM I 7.3/7.4/7.5 IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. | 4.3 |
| 2022-12-22 | CVE-2022-43857 | Path Traversal vulnerability in IBM I 7.3/7.4/7.5 IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. | 4.3 |
| 2022-12-22 | CVE-2022-43858 | Path Traversal vulnerability in IBM I 7.3/7.4/7.5 IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. | 4.3 |
| 2022-12-22 | CVE-2022-43859 | SQL Injection vulnerability in IBM I 7.3/7.4/7.5 IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. | 4.3 |
| 2022-07-13 | CVE-2022-34358 | Cross-site Scripting vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. | 5.4 |
| 2022-05-09 | CVE-2022-22481 | Unspecified vulnerability in IBM I 7.2/7.3/7.4 IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. | 5.3 |
| 2022-01-13 | CVE-2021-39056 | Unspecified vulnerability in IBM I The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. | 6.5 |