CVE-2020-4345 — SQL Injection in IBM I

CWE-89 — SQL Injection3 documents3 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 83.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM I

Timeline

PublishedMay 17

Latest updateMay 24

Description

IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/i7.2, 7.3, 7.4+2

▶NVDibm/i7.2, 7.3, 7.4+2

🔴Vulnerability Details

GHSA

GHSA-55qq-3jg8-6rq4: IBM i 7↗2022-05-24

▶

CVEList

CVE-2020-4345: IBM i 7↗2020-05-17

▶