CVE-2024-27275

CWE-266CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 80.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM I
Timeline
PublishedJun 15

Description

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/i4 versions+3
NVDibm/i4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-mm7f-23wf-j4qf: IBM i 72024-06-15
CVEList
IBM i privilege escalation2024-06-15
CVE-2024-27275 (HIGH CVSS 7.8) | IBM i 7.2 | cvebase.io