Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentIbmVULNRICHMENT:CVE-2024-31870
HistoryJun 15, 2024 - 1:47 p.m.

CVE-2024-31870 IBM i information disclosure

2024-06-1513:47:19
CWE-204
ibm
github.com
10
ibm i
information disclosure
cve-2024-31870
ibm db2
user enumeration
user defined table function
x-force id
local authenticated attacker
*usrprf objects
malicious actor

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

9.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "i",
    "versions": [
      {
        "status": "affected",
        "version": "7.2, 7.3, 7.4, 7.5"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "db2_for_i",
    "versions": [
      {
        "status": "affected",
        "version": "7.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "db2_for_i",
    "versions": [
      {
        "status": "affected",
        "version": "7.2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "db2_for_i",
    "versions": [
      {
        "status": "affected",
        "version": "7.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2_for_i:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "db2_for_i",
    "versions": [
      {
        "status": "affected",
        "version": "7.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cvelist 1
cve 1
ibm 1
nvd 1
cvelist
cvelist
CVE-2024-31870 IBM i information disclosure
2024-06-15 13:47:19
cve
cve
CVE-2024-31870
2024-06-15 14:15:09
ibm
ibm
Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i. [CVE-2024-31870]
2024-06-15 01:00:19
nvd
nvd
CVE-2024-31870
2024-06-15 14:15:09

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

9.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-31870
cvelist1cve1ibm1nvd1