📦 I

CVE-2025-36119 is a web session hijacking vulnerability in IBM Digital Certificate Manager for i (DCM) that allows authenticated non-administrator users to escalate privileges and perform administrati...

IBM i operating systems versions 7.2 through 7.6 contain a database authority check vulnerability that allows unauthorized execution of database procedures or functions. Attackers with some database a...

This vulnerability in IBM Backup, Recovery and Media Services for i allows users with program compilation or restoration privileges to escalate their access rights. An attacker could execute arbitrary...

This CVE describes a privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i on IBM i operating systems. An attacker with command line access can exploit this to gain root privil...

This vulnerability allows users with program compilation or restoration capabilities on IBM i systems to gain elevated privileges through an unqualified library call. Attackers could execute user-cont...

This vulnerability in IBM System Management for i allows a local user to escalate privileges by exploiting an unqualified library program call. An attacker could execute arbitrary code with administra...

This CVE describes a local privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i on IBM i 7.3, 7.4, and 7.5. An attacker with command line access to the host operating system c...

This CVE describes a local privilege escalation vulnerability in IBM i operating systems where a non-administrative user can configure a physical file trigger to execute with elevated privileges by tr...

This vulnerability in IBM i and IBM Rational Development Studio for i allows a local user to execute arbitrary code with administrator privileges due to an unqualified library call. It affects IBM i v...

This vulnerability in IBM Db2 for i allows a local user to escalate privileges through an unqualified library call, enabling execution of user-controlled code with administrator privileges. It affects...

This vulnerability in IBM Administration Runtime Expert for i allows local users to bypass proper authority checks and access sensitive information they shouldn't have permission to view. It affects I...

This CVE describes a local privilege escalation vulnerability in IBM i's integrated application server. An attacker with command-line access to the host OS can exploit it to gain root privileges, affe...

This CVE describes a local privilege escalation vulnerability in IBM Performance Tools for i. An attacker with command-line access to the host operating system can elevate privileges to gain full obje...

This vulnerability allows remote attackers to execute arbitrary CL commands as the QUSER account on IBM i systems by exploiting the DDM architecture. It affects IBM i versions 7.2, 7.3, 7.4, and 7.5. ...

This SQL injection vulnerability in IBM i 7.3, 7.4, and 7.5 allows remote attackers to execute arbitrary SQL commands against the database. Attackers could read, modify, or delete sensitive data, pote...

IBM i operating systems (versions 7.2-7.6) have an information disclosure vulnerability in the database plan cache implementation. Authenticated users with access to the plan cache can view unauthoriz...

IBM i Netserver has authentication and authorization validation flaws that could allow attackers to brute force credentials or bypass access controls. This affects IBM i operating systems versions 7.2...

This vulnerability allows privileged users on IBM i 7.4 and 7.5 systems to bypass database capability restrictions, potentially deleting or modifying critical database infrastructure files. This can c...

This vulnerability allows authenticated IBM i users to bypass interface restrictions in Navigator for i by sending specially crafted requests. Attackers could perform unauthorized operations that thei...

This vulnerability allows authenticated IBM i users with view authority to modify security attributes of underlying physical files without proper object management rights. An attacker could bypass int...

IBM i Service Tools Server (SST) versions 7.2 through 7.5 are vulnerable to user enumeration by remote attackers. This allows malicious actors to identify valid SST user accounts, which can then be ta...