CVE-2024-55898 — Uncontrolled Search Path Element in IBM I

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

8.5HIGHNVD

EPSS

0.1%

top 83.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM I

Timeline

PublishedFeb 24

Description

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5ibm/i7.2, 7.3, 7.4, 7.5

▶NVDibm/i4 versions+3

🔴Vulnerability Details

GHSA

GHSA-pppq-x5vp-whw6: IBM i 7↗2025-02-24

▶

CVEList

IBM i privilege escalation↗2025-02-24

▶