Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1731

4 documents4 sources
Severity
2.1LOW
EPSS
1.7%
top 17.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM OS 400
Timeline
PublishedDec 31
Latest updateApr 30

Description

The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDibm/os_4005 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-wpc7-rpjv-rv8j: The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF2022-04-30
CVEList
CVE-2002-1731: The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF2005-06-21

💥Exploits & PoCs

1
Exploit-DB
OS/400 - User Account Name Disclosure2002-02-07
CVE-2002-1731 (LOW CVSS 2.1) | The System Request menu in IBM AS/4 | cvebase.io