CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
54.1%
IBM i is vulnerable to a remote attacker executing CL commands due to an exploitation of DDM architecture as described in the vulnerability details section. IBM i has addressed the vulnerability in the DDM architecture as described in the remediation/fixes section.
CVEID:CVE-2023-30990
**DESCRIPTION:**IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF numbers for IBM i 5770-SS1 Base Operating System contain the fix for the vulnerability.
IBM i Release| 5770-SS1
PTF Number| PTF Download Link
—|—|—
7.5| SI83472| <https://www.ibm.com/support/pages/ptf/SI83472>
7.4| SI83473| <https://www.ibm.com/support/pages/ptf/SI83473>
7.3| SI83474| <https://www.ibm.com/support/pages/ptf/SI83474>
7.2| SI84090| <https://www.ibm.com/support/pages/ptf/SI84090>
<https://www.ibm.com/support/fixcentral>
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_i_7.5_preventative_service_planning | 7.5.0 | cpe:2.3:a:ibm:ibm_i_7.5_preventative_service_planning:7.5.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.4.0 | cpe:2.3:a:ibm:planning_analytics:7.4.0:*:*:*:*:*:*:* |
ibm | i | 7.5.0 | cpe:2.3:o:ibm:i:7.5.0:*:*:*:*:*:*:* |
ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:*:*:*:*:*:*:* |
ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:*:*:*:*:*:*:* |
ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.3.0 | cpe:2.3:a:ibm:planning_analytics:7.3.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.2.0 | cpe:2.3:a:ibm:planning_analytics:7.2.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
54.1%