History: Apr 27, 2024 - 4:44 p.m.

Security Bulletin: IBM Rational Development Studio for i is vulnerable to a local privilege escalation due to an unqualified library call in compiler infrastructure [CVE-2024-25050]

www.ibm.com

CVSS3: 8.4
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.1
Confidence: High
EPSS: 0
Percentile: 15.5%

Summary

The IBM i product IBM Rational Development Studio for i is vulnerable to a local user gaining elevated privileges because a CL command in its compiler infrastructure is called without library qualification, as described in the Vulnerability Details section. The Remediation/Fixes section identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID: CVE-2024-25050
**DESCRIPTION:** IBM i networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVSS Base score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/283242 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
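The mechanism behind an "unqualified library call" on IBM i, as an added illustration that is not IBM's code and does not describe the actual object in the compiler infrastructure. When a program compiled with USRPRF(*OWNER) calls another object without a library qualifier, the system resolves the name by walking the caller's library list, so a low-privileged user who can place a writable library ahead of the intended one gets their own object run with the adopted authority. All library, program and profile names below (MYLIB, TOOL, HELPER, USERLIB, OWNERPRF) are hypothetical:

```cl
/* Added illustration, not IBM's code. Library, program and profile    */
/* names (MYLIB, TOOL, HELPER, USERLIB, OWNERPRF) are hypothetical.    */

/* ---- Vulnerable pattern: source member MYLIB/QCLSRC(TOOL) --------- */
/* Compiled so callers run with the owner's authority, where the owner */
/* OWNERPRF holds *ALLOBJ:                                             */
/*   CRTCLPGM PGM(MYLIB/TOOL) SRCFILE(MYLIB/QCLSRC) USRPRF(*OWNER)     */
PGM
  /* No library qualifier: HELPER is resolved through the caller's     */
  /* library list (*LIBL). Search order is the system portion, product */
  /* libraries, the current library, then the user portion, and the    */
  /* first HELPER found wins. Adopted authority propagates to called   */
  /* programs (USEADPAUT(*YES) is the default), so that HELPER runs    */
  /* with OWNERPRF's *ALLOBJ.                                          */
  CALL       PGM(HELPER)
ENDPGM

/* ---- What a low-privileged user does with it ---------------------- */
/* Any library the user can write to and that sits ahead of MYLIB in   */
/* the library list (their current library, or one they added) lets    */
/* them plant a same-named object:                                     */
/*   CRTCLPGM PGM(USERLIB/HELPER) SRCFILE(USERLIB/QCLSRC)             */
/*   ADDLIBLE LIB(USERLIB) POSITION(*FIRST)                            */
/*   CALL PGM(MYLIB/TOOL)     <- USERLIB/HELPER now runs as OWNERPRF   */

/* ---- Hardened pattern: same member after the fix ------------------ */
PGM
  /* Qualify every object reference so *LIBL is never consulted.       */
  CALL       PGM(MYLIB/HELPER)
ENDPGM
```

The same rule applies to CL commands, not only to CALL: an unqualified command name in a program that adopts authority is resolved through *LIBL in exactly the same way. To find where this pattern exists on a partition, enumerate programs that adopt a powerful profile with DSPPGMADP USRPRF(OWNERPRF) (or PRTADPOBJ) and review each one for unqualified CALL and command references.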

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
Rational Development Studio for i | 7.5
Rational Development Studio for i | 7.4
Rational Development Studio for i | 7.3
Rational Development Studio for i | 7.2

Remediation/Fixes

The issue can be fixed by applying PTFs to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF numbers for 5770-WDS contain the fixes for the vulnerability.

IBM i Release | 5770-WDS | PTF Download Link
---|---|---
7.5 | SI86179 | https://www.ibm.com/support/pages/ptf/SI86179
7.5 | SJ00204 | https://www.ibm.com/support/pages/ptf/SJ00204
7.4 | SI86136 | https://www.ibm.com/support/pages/ptf/SI86136
7.4 | SJ00196 | https://www.ibm.com/support/pages/ptf/SJ00196
7.3 | SI86096 | https://www.ibm.com/support/pages/ptf/SI86096
7.3 | SJ00194 | https://www.ibm.com/support/pages/ptf/SJ00194
7.2 | SI86065 | https://www.ibm.com/support/pages/ptf/SI86065
7.2 | SJ00157 | https://www.ibm.com/support/pages/ptf/SJ00157

https://www.ibm.com/support/fixcentral

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
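A way to verify that the PTFs in the table above are actually on a partition, as an added example that is not part of the IBM bulletin. It reads the QSYS2.PTF_INFO SQL service from a CL program, keeps only the 5770-WDS PTF numbers listed in the bulletin, and shows each one's status. The program and work-table names (CHKWDSPTF, QTEMP/WDSPTF) are hypothetical; the PTF numbers are the ones in the table:

```cl
/* CHKWDSPTF: added verification step, not from the IBM bulletin.     */
/* Program and work-table names are hypothetical; the PTF numbers are */
/* the 5770-WDS fixes listed in the bulletin for 7.5/7.4/7.3/7.2.     */
PGM
  MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(ERROR))

  /* One row per listed PTF known to this partition, with its status  */
  /* and, when superseded, the PTF that replaced it. A status of      */
  /* SUPERSEDED is acceptable only if the superseding PTF is applied. */
  RUNSQL     SQL('CREATE TABLE QTEMP/WDSPTF AS (SELECT +
                    PTF_PRODUCT_ID, PTF_PRODUCT_RELEASE_LEVEL, +
                    PTF_IDENTIFIER, PTF_LOADED_STATUS, +
                    PTF_SUPERSEDED_BY_PTF, PTF_IPL_REQUIRED +
                  FROM QSYS2/PTF_INFO +
                  WHERE PTF_PRODUCT_ID = ''5770WDS'' +
                    AND PTF_IDENTIFIER IN (''SI86179'', ''SJ00204'', +
                      ''SI86136'', ''SJ00196'', ''SI86096'', +
                      ''SJ00194'', ''SI86065'', ''SJ00157'')) +
                  WITH DATA') +
             COMMIT(*NONE)

  /* Display the rows (interactive) or spool them (batch). PTF_INFO   */
  /* only reports PTFs the system knows about, so no row at all for   */
  /* the installed release means the fix is not even loaded.          */
  RUNQRY     QRY(*NONE) QRYFILE((QTEMP/WDSPTF))
  RETURN

ERROR:
  SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
             MSGDTA('CHKWDSPTF failed; see job log for the RUNSQL +
                     or RUNQRY error') MSGTYPE(*ESCAPE)
ENDPGM
```

Only the pair for the installed release is expected to appear; the status to look for is APPLIED or PERMANENTLY APPLIED, and LOADED alone means the fix is staged but not active. The single-PTF equivalent from a command line is DSPPTF LICPGM(5770WDS) SELECT(SI86179). Check PTF_IPL_REQUIRED as well, since a PTF applied but awaiting an IPL does not yet close the issue.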

Workarounds and Mitigations

None

Affected configurations (Vulners CPE matching)

Vendor | Product | Version | CPE
---|---|---|---
ibm | rational_change | 7.5.0 | cpe:2.3:a:ibm:rational_change:7.5.0:*:*:*:*:*:*:*
ibm | rational_change | 7.4.0 | cpe:2.3:a:ibm:rational_change:7.4.0:*:*:*:*:*:*:*
ibm | rational_change | 7.3.0 | cpe:2.3:a:ibm:rational_change:7.3.0:*:*:*:*:*:*:*
ibm | rational_change | 7.2.0 | cpe:2.3:a:ibm:rational_change:7.2.0:*:*:*:*:*:*:*
ibm | i | 7.5.0 | cpe:2.3:o:ibm:i:7.5.0:*:*:*:*:*:*:*
ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:*:*:*:*:*:*:*
ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:*:*:*:*:*:*:*
ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:*:*:*:*:*:*:*

Note that the application CPEs above name rational_change, which is a different IBM product (Rational Change) from the Rational Development Studio for i (5770-WDS) that the bulletin covers. Treat the bulletin's product and PTF tables and the ibm:i operating-system CPEs as the authoritative scope when matching this advisory against an inventory.
