IBM Performance Tools for i 7.2-7.5 LPE via Host OS
CVE-2023-30989 Published on July 16, 2023

IBM i privilege escalation
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-30989 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Products Associated with CVE-2023-30989

Want to know whenever a new CVE is published for IBM I? stack.watch will email you.

IBM I

Affected Versions

IBM i Version 7.2, 7.3, 7.4, 7.5 is affected by CVE-2023-30989

Exploit Probability

EPSS

0.02%

Percentile

5.28%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM Performance Tools for i 7.2-7.5 LPE via Host OSCVE-2023-30989 Published on July 16, 2023

Vulnerability Analysis

Weakness Type

Improper Privilege Management

Products Associated with CVE-2023-30989

Affected Versions

Exploit Probability

IBM Performance Tools for i 7.2-7.5 LPE via Host OS
CVE-2023-30989 Published on July 16, 2023