exploitDog

CVE-2024-47104

Опубликовано: 18 дек. 2024

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.

Ссылки

https://www.ibm.com/support/pages/node/7179158
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.0009

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-5wg4-55wc-w7g6

CVSS3: 6.8

github

около 1 года назад

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.

EPSS

Процентиль: 26%

0.0009

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-732