CVE-2024-38330

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 77.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM I
Timeline
PublishedJul 8

Description

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/i7.2, 7.3, 7.4
NVDibm/i7.2, 7.3, 7.4+2

🔴Vulnerability Details

2
GHSA
GHSA-93q5-fmhm-mp7p: IBM System Management for i 72024-07-08
CVEList
IBM i privilege escalation2024-07-08
CVE-2024-38330 (HIGH CVSS 7.8) | IBM System Management for i 7.2 | cvebase.io