CVE-2024-25050

IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/283242
https://www.ibm.com/support/pages/node/7149616
https://www.ibm.com/support/pages/node/7149672
https://exchange.xforce.ibmcloud.com/vulnerabilities/283242
https://www.ibm.com/support/pages/node/7149616
https://www.ibm.com/support/pages/node/7149672

Configurations

No configuration.

History

21 Nov 2024, 09:00

Type	Values Removed	Values Added
Summary		(es) La infraestructura de red y compilador de IBM i 7.2, 7.3, 7.4, 7.5 e IBM Rational Development Studio para i 7.2, 7.3, 7.4, 7.5 podría permitir a un usuario local obtener privilegios elevados debido a una llamada de librería no calificada. Un actor malintencionado podría provocar que el código controlado por el usuario se ejecute con privilegios de administrador. ID de IBM X-Force: 283242.
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/283242 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/283242 -
References	~~() https://www.ibm.com/support/pages/node/7149616 -~~	() https://www.ibm.com/support/pages/node/7149616 -
References	~~() https://www.ibm.com/support/pages/node/7149672 -~~	() https://www.ibm.com/support/pages/node/7149672 -

28 Apr 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-28 13:15

Updated : 2024-11-21 09:00

NVD link : CVE-2024-25050

Mitre link : CVE-2024-25050

CVE.ORG link : CVE-2024-25050

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

8.4 /10