i · threatengine.sh

CVE-2026-2311

all versions

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authoriza

6.4MEDIUM

CVE-2026-1376

all versions

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper alloc

7.5HIGH

CVE-2025-36371

all versions

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation

6.5MEDIUM

CVE-2025-36367

all versions

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization chec

8.8HIGH

CVE-2025-36119

all versions

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manag

7.1HIGH

CVE-2025-33109

all versions

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad ac

7.5HIGH

CVE-2025-36004

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Su

8.8HIGH

CVE-2025-33122

all versions

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advance

7.5HIGH

CVE-2025-33108

all versions

IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program t

8.5HIGH

CVE-2025-33103

all versions

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A

8.5HIGH

CVE-2025-3218

all versions

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing

5.4MEDIUM

CVE-2025-2950

all versions

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header cont

5.4MEDIUM

CVE-2025-2947

all versions

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor

7.2HIGH

CVE-2024-55898

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges du

8.5HIGH

CVE-2024-52895

all versions

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction c

6.5MEDIUM

CVE-2024-35122

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement

2.8LOW

CVE-2024-55896

all versions

IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability

5.4MEDIUM

CVE-2024-51464

all versions

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request

4.3MEDIUM

CVE-2024-51463

all versions

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send un

5.4MEDIUM

CVE-2024-47104

all versions

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a

6.8MEDIUM

CVE-2024-38330

all versions

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library p

7.0HIGH

CVE-2024-31890

>= 7.3 and <= 7.5

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A mal

7.8HIGH

CVE-2024-31870

all versions

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticat

3.3LOW

CVE-2024-27275

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement.

7.4HIGH

CVE-2024-31878

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerab

5.3MEDIUM

CVE-2024-27264

all versions

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified libr

7.4HIGH

CVE-2024-31879

all versions

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on

7.5HIGH

CVE-2024-25050

all versions

IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could

8.4HIGH

CVE-2024-22346

all versions

Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified lib

8.4HIGH

CVE-2023-43064

all versions

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified libr

7.0HIGH

CVE-2023-47741

all versions

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that

5.3MEDIUM

CVE-2023-42006

all versions

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by

8.4HIGH

CVE-2023-40685

all versions

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malic

7.4HIGH

CVE-2023-40686

all versions

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malic

4.9MEDIUM

CVE-2023-40377

all versions

Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A ma

4.9MEDIUM

CVE-2023-40378

all versions

IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to

4.9MEDIUM

CVE-2023-40375

all versions

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious a

7.4HIGH

CVE-2023-38721

all versions

The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A maliciou

8.4HIGH

CVE-2023-30989

all versions

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with co

8.4HIGH

CVE-2023-30988

all versions

The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious

8.4HIGH

CVE-2023-30990

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM archi

8.6HIGH

CVE-2023-23470

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default conf

6.4MEDIUM

CVE-2022-43860

all versions

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but

4.3MEDIUM

CVE-2022-43859

all versions

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are aut

6.3MEDIUM

CVE-2022-43858

all versions

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are auth

4.3MEDIUM

CVE-2022-43857

all versions

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized

4.3MEDIUM

CVE-2022-34358

all versions

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript

5.4MEDIUM

CVE-2022-22495

all versions

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could

8.8HIGH

CVE-2022-22481

all versions

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface witho

5.3MEDIUM

CVE-2021-39056

all versions

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a spe

6.5MEDIUM

CVE-2021-38876

all versions

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code

6.1MEDIUM

CVE-2021-39050

all versions

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checki

7.8HIGH

CVE-2021-39049

all versions

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checki

7.8HIGH

CVE-2021-29868

all versions

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration.

5.5MEDIUM

CVE-2021-29784

all versions

IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical err

4.3MEDIUM

CVE-2021-29770

all versions

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthoriz

6.5MEDIUM

CVE-2021-29769

all versions

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization toke

4.3MEDIUM

CVE-2021-29767

all versions

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a det

5.3MEDIUM

CVE-2021-29766

all versions

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive infor

5.3MEDIUM

CVE-2021-20431

all versions

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an attacke

6.5MEDIUM

CVE-2021-20430

all versions

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive infor

5.3MEDIUM

CVE-2020-4623

all versions

IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search ord

6.5MEDIUM

CVE-2021-20501

all versions

IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP ser

8.2HIGH

CVE-2020-4588

<= 8.9.13

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim co

7.8HIGH

CVE-2020-4584

<= 8.9.13

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is retur

7.5HIGH

CVE-2020-4724

all versions

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4723

all versions

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4722

all versions

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4721

all versions

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4554

all versions

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4553

all versions

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4552

all versions

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8HIGH

CVE-2020-4551

all versions

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4550

all versions

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory c

7.8HIGH

CVE-2020-4549

all versions

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8HIGH

CVE-2020-4345

all versions

IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtai

3.3LOW

CVE-2020-4468

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory

7.8HIGH

CVE-2020-4467

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory

7.8HIGH

CVE-2020-4422

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memor

7.8HIGH

CVE-2020-4343

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memor

7.8HIGH

CVE-2020-4288

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memor

7.8HIGH

CVE-2020-4287

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memor

7.8HIGH

CVE-2020-4285

all versions

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memor

7.8HIGH

CVE-2020-4266

all versions