CVE-2024-31890

Description

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ibm / i7.3 – 7.3
ibm / i7.4 – 7.4
ibm / i7.5 – 7.5

References

MISChttps://www.ibm.com/support/pages/node/7158240
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/288171