I IBM I

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in IBM I.

By the Year

In 2026 there have been 0 vulnerabilities in IBM I. Last year, in 2025, IBM I had 14 security vulnerabilities published. Right now, IBM I is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year  Vulnerabilities  Average Score
2026   0               0.00
2025  14               7.06
2024  12               6.37
2023  13               7.48
2022   6               4.83
2021  30               6.10
2020  10               4.63
2019  27               6.00
2018  78               0.00

It may take a day or so for new IBM I vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM I Security Vulnerabilities

IBM i 7.2-7.6 Unprivileged Info Disclosure in DB Plan Cache
CVE-2025-36371 6.5 - Medium - November 19, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are affected by an information disclosure vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view.

Use of GET Request Method With Sensitive Query Strings

IBM i 7.2-7.6 SQL Services Auth Check Priv Esc
CVE-2025-36367 8.8 - High - November 01, 2025

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

AuthZ

IBM DCM Web Session Hijacking - Privilege Escalation on i 7.3-7.6
CVE-2025-36119 8.8 - High - August 08, 2025

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.

Authentication Bypass by Spoofing

PE in IBM i 7.2-7.6 via DB Authority Check
CVE-2025-33109 8.8 - High - July 24, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.

Execution with Unnecessary Privileges

IBM Facsimile Support i (pre-7.4) Elev. Privileges via Unqualified Lib Call
CVE-2025-36004 8.8 - High - June 25, 2025

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

DLL preloading

Elevated Privileges via Unqualified Lib Call in IBM Job Scheduler for i 7.2-7.6
CVE-2025-33122 7.5 - High - June 17, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.

DLL preloading

IBM TCP/IP Connectivity Utilities for i 7.2-7.6 Priv Esc via CLI
CVE-2025-33103 8.5 - High - May 17, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.

Execution with Unnecessary Privileges

IBM i NetServer Auth Bypass (v7.2-7.6)
CVE-2025-3218 5.4 - Medium - May 07, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.

Improper Certificate Validation

IBM Navigator for i <7.5 – Host Header Injection via HTTP header neutralization
CVE-2025-2950 5.4 - Medium - April 18, 2025

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.

Improper Neutralization of HTTP Headers for Scripting Syntax

IBM i 7.6 Privilege Escalation via OS Command Profile Swapping
CVE-2025-2947 7.2 - High - April 17, 2025

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.

Insecure Preserved Inherited Permissions

Privilege Escalation via Unqualified Library Call on IBM i 7.2-7.5
CVE-2024-55898 8.5 - High - February 24, 2025

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

DLL preloading

IBM i 7.4/7.5 Denial of Service via DB Access Bypass (CVE-2024-52895)
CVE-2024-52895 6.5 - Medium - February 14, 2025

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.

Improper Check for Unusual or Exceptional Conditions

IBM i 7.2-7.5 File-Level LDoS via Insufficient Authority
CVE-2024-35122 2.8 - Low - January 24, 2025

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.

Incorrect Privilege Assignment

IBM PowerHA SystemMirror i 7.4/7.5: Unrestricted iFrame Access
CVE-2024-55896 5.4 - Medium - January 03, 2025

IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.

User Interface (UI) Misrepresentation of Critical Information

IBM i Navigator for i Interface Restriction Bypass Vulnerability
CVE-2024-51464 4.3 - Medium - December 21, 2024

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

Authentication Bypass Using an Alternate Path or Channel

IBM i Server-Side Request Forgery (SSRF) Vulnerability
CVE-2024-51463 5.4 - Medium - December 21, 2024

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM i 7.4/7.5 Authenticated User Privilege Escalation via Physical File Security Attributes
CVE-2024-47104 6.8 - Medium - December 18, 2024

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.

Incorrect Permission Assignment for Critical Resource

Local Privilege Escalation in IBM SysMgmt for i 7.2-7.4 via Unqualified Lib Call
CVE-2024-38330 7.8 - High - July 08, 2024

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.

DLL preloading

LPE in IBM TCP/IP Connectivity Utilities 7.3-7.5
CVE-2024-31890 - June 21, 2024

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.

Execution with Unnecessary Privileges

IBM Db2 for i 7.2-7.5: Local Authenticated User Enumeration via UDFs
CVE-2024-31870 3.3 - Low - June 15, 2024

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies a user-defined table function that is vulnerable to user enumeration by a local authenticated attacker who does not have authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174.

Side Channel Attack

IBM i 7.x LPE via Physical File Trigger (CVE-2024-27275)
CVE-2024-27275 7.4 - High - June 15, 2024

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.

Incorrect Privilege Assignment

IBM i Service Tools Server Remote User Enumeration (CVE-2024-31878)
CVE-2024-31878 5.3 - Medium - June 07, 2024

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

Side Channel Attack

IBM Perf Tools for i 7.2-7.5 Local Priv Escalation via Unqualified Lib Call
CVE-2024-27264 7.8 - High - May 22, 2024

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

IBM i 7.2-7.4 Remote RCE via Untrusted Deserialization
CVE-2024-31879 - May 18, 2024

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.

Marshaling, Unmarshaling

IBM i 7.2-7.5 Local Priv Escal via Unqualified Lib Call
CVE-2024-25050 7.8 - High - April 28, 2024

IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.

DLL preloading

Db2 for IBM i 7.2-7.5 Elevation via Unqualified Library Call
CVE-2024-22346 7.8 - High - March 14, 2024

Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.

DLL preloading

IBM i Facsimile Support Unqualified Library Call Elevates Privileges (7.2-7.5)
CVE-2023-43064 7.8 - High - December 25, 2023

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.

DLL preloading

IBM i & Db2 Mirror Browser Leak Clear-Text Passwords in Memory
CVE-2023-47741 5.3 - Medium - December 18, 2023

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

Insufficiently Protected Credentials

IBM Admin Runtime Expert for i 7.2-7.5 Auth Checks Allow Local Info Leak
CVE-2023-42006 5.5 - Medium - December 01, 2023

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.

AuthZ

IBM i 7.2-7.5 Navigator LPE via Management Central
CVE-2023-40685 7.8 - High - October 29, 2023

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.

Improper Privilege Management

Local Privilege Escalation in IBM i Management Central Navigator (v7.2-v7.5)
CVE-2023-40686 7.8 - High - October 29, 2023

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.

Improper Privilege Management

Local Priv Esc in IBM i BRMS 7.2-7.4
CVE-2023-40377 7.8 - High - October 16, 2023

Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.

Local Privileged Escalation in IBM Directory Server for IBM i
CVE-2023-40378 7.8 - High - October 15, 2023

IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.

Local Privilege Escalation in IBM i Integrated Application Server 7.2-7.5
CVE-2023-40375 7.8 - High - September 28, 2023

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.

Improper Privilege Management

Local Privilege Escalation via Facsimile Support on IBM i 7.2-7.5
CVE-2023-38721 7.8 - High - August 14, 2023

The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173.

IBM Performance Tools for i 7.2-7.5 LPE via Host OS
CVE-2023-30989 7.8 - High - July 16, 2023

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.

IBM i Facsimile Support local priv esc (pre-7.5)
CVE-2023-30988 7.8 - High - July 16, 2023

The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.

IBM i 7.2-7.5 Remote CL Exec as QUSER via DDM flaw
CVE-2023-30990 9.8 - Critical - July 04, 2023

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.

Code Injection

IBM i 7.2-7.5 Authenticated SQL Privilege Escalation (CVE-2023-23470)
CVE-2023-23470 6.4 - Medium - May 04, 2023

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.

SQL Injection

IBM Navigator for i 7.3-7.5 SQLi: Authenticated user can exfil sensitive data via interface
CVE-2022-43860 4.3 - Medium - December 24, 2022

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to view, but not through this interface. By performing an SQL injection, an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.

SQL Injection

IBM Navigator for i 7.3-7.5: UNION SQLi Reveals File Permissions
CVE-2022-43859 4.3 - Medium - December 22, 2022

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to view, but not through this interface. By performing a UNION-based SQL injection, an attacker could see file permissions through this interface. IBM X-Force ID: 239304.

SQL Injection

IBM Navigator for i 7.3-7.5 Authenticated FS Access Bypass via Param Mod
CVE-2022-43858 4.3 - Medium - December 22, 2022

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to access, but not through this interface. The remote authenticated user can bypass the interface checks by modifying a parameter, thereby gaining access to their files through this interface. IBM X-Force ID: 239303.

Directory traversal

IBM Navigator for i 7.3-7.5 Log File Disclosure via Servlet Filter
CVE-2022-43857 4.3 - Medium - December 22, 2022

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to access, but not through this interface. The remote authenticated user can bypass the interface checks and download log files by modifying the servlet filter. IBM X-Force ID: 239301.

Directory traversal

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could
CVE-2022-22481 5.3 - Medium - May 09, 2022

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899.

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request
CVE-2021-39056 6.5 - Medium - January 13, 2022

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting
CVE-2021-38876 6.1 - Medium - December 30, 2021

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.

XSS

IBM Db2 9.7
CVE-2021-20373 - December 09, 2021

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could
CVE-2021-20560 - July 26, 2021

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could
CVE-2021-20430 - July 26, 2021

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could
CVE-2021-20431 - July 26, 2021

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate the session after logout, which could allow an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.
