CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%
IBM i product IBM Rational Development Studio for i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification in compiler infrastructure as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.
CVEID:CVE-2024-25050
**DESCRIPTION:**IBM i networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283242 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Rational Development Studio for i | 7.5 |
Rational Development Studio for i | 7.4 |
Rational Development Studio for i | 7.3 |
Rational Development Studio for i | 7.2 |
The issue can be fixed by applying PTFs to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF numbers for 5770-WDS contain the fixes for the vulnerability.
IBM i Release
|
5770-WDS
|
PTF Download Link
—|—|—
7.5| SI86179
SJ00204| https://www.ibm.com/support/pages/ptf/SI86179
https://www.ibm.com/support/pages/ptf/SJ00204
7.4| SI86136
SJ00196| https://www.ibm.com/support/pages/ptf/SI86136
https://www.ibm.com/support/pages/ptf/SJ00196
7.3| SI86096
SJ00194| https://www.ibm.com/support/pages/ptf/SI86096
https://www.ibm.com/support/pages/ptf/SJ00194
7.2| SI86065
SJ00157| https://www.ibm.com/support/pages/ptf/SI86065
https://www.ibm.com/support/pages/ptf/SJ00157
<https://www.ibm.com/support/fixcentral>
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | rational_change | 7.5.0 | cpe:2.3:a:ibm:rational_change:7.5.0:*:*:*:*:*:*:* |
ibm | rational_change | 7.4.0 | cpe:2.3:a:ibm:rational_change:7.4.0:*:*:*:*:*:*:* |
ibm | rational_change | 7.3.0 | cpe:2.3:a:ibm:rational_change:7.3.0:*:*:*:*:*:*:* |
ibm | rational_change | 7.2.0 | cpe:2.3:a:ibm:rational_change:7.2.0:*:*:*:*:*:*:* |
ibm | i | 7.5.0 | cpe:2.3:o:ibm:i:7.5.0:*:*:*:*:*:*:* |
ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:*:*:*:*:*:*:* |
ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:*:*:*:*:*:*:* |
ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%