First published: Wed Jul 03 2024
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM iSeries AS/400 | <=7.4 | |
IBM iSeries AS/400 | <=7.3 | |
IBM iSeries AS/400 | <=7.2 | |
IBM iSeries AS/400 | =7.2 | |
IBM iSeries AS/400 | =7.3 | |
IBM iSeries AS/400 | =7.4 | |
The severity of CVE-2024-38330 is considered high due to the potential for local users to gain elevated privileges.
To fix CVE-2024-38330, users should apply the latest security updates provided by IBM for systems running affected versions.
CVE-2024-38330 affects IBM System Management for i versions 7.2, 7.3, and 7.4.
CVE-2024-38330 allows a malicious actor to execute user-controlled code with administrator privileges.
Currently, the best approach is to update the affected systems, as no official workaround has been provided for CVE-2024-38330.