CVE-2024-22346

8.4 HIGH

📋 TL;DR

This vulnerability in IBM Db2 for i allows a local user to escalate privileges through an unqualified library call, enabling execution of user-controlled code with administrator privileges. It affects Db2 for IBM i versions 7.2 through 7.5. The attacker must have local access to the system.

💻 Affected Systems

Products:
  • IBM Db2 for i
Versions: 7.2, 7.3, 7.4, 7.5
Operating Systems: IBM i (formerly AS/400, iSeries)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Db2 infrastructure component on IBM i systems. Requires local user access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise where a local attacker gains full administrator privileges, potentially leading to data theft, system manipulation, or persistence mechanisms.

🟠 Likely Case: Local privilege escalation allowing attackers to bypass security controls, access sensitive data, or modify system configurations.

🟢 If Mitigated: Limited impact if proper access controls restrict local user accounts and privilege separation is enforced.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over the network.
🏢 Internal Only: HIGH - Local users with any level of access could potentially exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but appears to be straightforward once access is obtained. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM i PTF Group SF99738 Level 27 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7140499

Restart Required: Yes

Instructions:

1. Check current PTF level with DSPPTF.
2. Apply PTF Group SF99738 Level 27 or later.
3. Restart the system as required.
4. Verify the fix with DSPPTF.

🔧 Temporary Workarounds

Restrict local user access

Limit local user accounts to only trusted personnel and implement strict access controls.

Implement privilege separation

Ensure users operate with least privilege and separate administrative functions from regular user activities.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts to only essential personnel
  • Monitor for suspicious privilege escalation attempts and review user activity logs regularly

🔍 How to Verify

Check if Vulnerable:

Check IBM i version and PTF level. Vulnerable if running Db2 for i 7.2-7.5 without PTF Group SF99738 Level 27 or later.

Check Version:

Use DSPPTF to check PTF levels, or WRKSYSVAL QVERSION to check the OS version.

Verify Fix Applied:

Verify PTF Group SF99738 Level 27 or later is installed using DSPPTF command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Suspicious library calls, such as unqualified calls that resolve to user-controlled code
  • Unexpected administrative actions from non-admin accounts

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Search for privilege escalation events, unexpected admin privilege usage, or security log entries indicating library manipulation
