Severity: MEDIUM
Description: IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.
CVSS Score: 5.3
D
1. Risk Assessment
The vulnerability CVE-2023-47741 impacts IBM i 7.3, 7.4, 7.5, and IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients. The core issue is that the web client may leave the user's clear-text password in browser memory, where it stays readable with common browser tools (for example a heap snapshot or memory search in the browser's developer tools) until the memory is garbage collected. This is an information disclosure vulnerability, rated as MEDIUM severity with a CVSS score of 5.3. The business impact centers on compromise of the IBM i system reachable with the recovered credentials. Exploitation requires access to the victim's PC, whether physically at the console or through an already-established remote session, while the password is still resident; that prerequisite keeps the likelihood moderate. No special tooling is needed beyond the browser's own developer tools and some familiarity with them. Confidentiality is the primary impact, since a successful attack yields the credentials. Integrity and availability are not directly affected, although a sign-on to IBM i with the stolen password can lead to compromises in those areas. The EPSS score of 0.00037 indicates a relatively low probability of exploitation in the wild, but the potential impact warrants attention.
2. Potential Attack Scenarios
A potential attack scenario involves a malicious actor gaining access to a user's workstation, physically or via an existing remote session, while an IBM i session is active in a web browser or has only recently ended. The attacker uses common browser developer tools (e.g., Chrome DevTools, Firefox Developer Tools) to take a heap snapshot or otherwise search the browser process memory. Within that memory they locate the clear-text password the client kept for the IBM i session. That password can then be used to sign on to the IBM i operating system directly, gaining access to potentially sensitive data and applications. The attack vector is access to the endpoint, and the attack process relies on readily available browser tools rather than malware. A successful outcome could result in data breaches, unauthorized system modifications, and potential disruption of business operations.
3. Mitigation Recommendations
The primary mitigation is to apply the fixes released by IBM. IBM recommends updating to the latest versions of IBM i 7.3, 7.4, 7.5 and IBM i Db2 Mirror for i 7.4 and 7.5. Specific details can be found in the following IBM support pages: https://www.ibm.com/support/pages/node/7097785 and https://www.ibm.com/support/pages/node/7097801. In the interim, note that clearing the browser cache and cookies does not remove data held in process memory; users should instead close the browser (ending the process releases its memory) after completing an IBM i session, and lock their workstations whenever they step away. Consider implementing multi-factor authentication (MFA) for IBM i access where the sign-on path supports it, so that a recovered password alone is not sufficient. Organizations should also educate users on basic security hygiene, including being mindful of who can reach their workstations and their remote sessions.
4. Executive Summary
CVE-2023-47741 is a medium-severity vulnerability affecting IBM i and Db2 Mirror for i web browser clients. It allows a malicious actor with access to a user's computer to potentially steal clear-text IBM i passwords from browser memory. While the likelihood of exploitation is moderate, a successful attack could lead to unauthorized access to the IBM i operating system and its valuable data. We recommend prioritizing the IBM fixes for the affected versions of IBM i and Db2 Mirror for i. Closing the browser after each session, implementing multi-factor authentication and user security awareness training will provide additional protection. Addressing this vulnerability is important to maintain the confidentiality of our IBM i systems and prevent potential business disruption.
Severity: HIGH
Description: IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.
CVSS Score: 7.8
B
1. Risk Assessment
The vulnerability identified as CVE-2024-31890 is a local privilege escalation flaw in IBM i 7.3, 7.4, and 7.5, specifically within the IBM TCP/IP Connectivity Utilities for i. This vulnerability allows a malicious actor with command line access to the host operating system to elevate their privileges and gain root access. The CVSS v3.1 base score of 7.8 (HIGH) reflects the significant risk posed by this issue. The attack vector is local, meaning the attacker must already have some level of access to the system, and the attack complexity is low, making exploitation relatively straightforward for an attacker with the necessary access.
The potential business impact is severe, as gaining root access compromises the confidentiality, integrity, and availability of the system. An attacker could access sensitive data, modify system configurations, or disrupt operations. The likelihood of exploitation is moderate, given that the attacker requires local access, but the ease of exploitation increases the risk. Organizations with exposed systems or insufficient access controls are particularly vulnerable.
2. Potential Attack Scenarios
A potential attack scenario involves an insider threat or a compromised user account. An attacker with legitimate but limited access to the system could exploit this vulnerability to escalate privileges. For example, a disgruntled employee with command line access could execute a series of commands to exploit the flaw, gaining root privileges. Once root access is achieved, the attacker could install malicious software, exfiltrate sensitive data, or disrupt critical services. The attack process would involve identifying the vulnerable component, executing the exploit, and leveraging the elevated privileges to carry out further malicious activities. The outcome could include data breaches, operational downtime, and reputational damage.
3. Mitigation Recommendations
Immediate action is required to mitigate this vulnerability. Organizations should apply the latest PTFs provided by IBM for the affected versions of IBM i (7.3, 7.4, and 7.5). The fix details can be obtained from IBM's official support page: https://www.ibm.com/support/pages/node/7158240. Additionally, organizations should review and restrict command line access to only those users who require it for their roles; on IBM i this is governed per user profile by the limit capabilities setting (LMTCPB(*YES) prevents command entry), and the set of profiles holding special authorities such as *ALLOBJ should be reviewed at the same time. Enabling IBM i command auditing for profiles that retain a command line (user audit level *CMD) and monitoring the audit journal for unusual activity can further reduce the risk of exploitation going unnoticed. Regular security audits and vulnerability assessments should be conducted to identify and address similar issues proactively.
4. Executive Summary
CVE-2024-31890 is a high-severity vulnerability in IBM i 7.3, 7.4, and 7.5 that allows local users to escalate privileges and gain root access to the system. This poses a significant risk to the confidentiality, integrity, and availability of affected systems. Exploitation is relatively straightforward for attackers with local access, making it a priority for organizations using these versions of IBM i.
The potential business impact includes data breaches, operational disruptions, and reputational harm. To mitigate this risk, organizations should immediately apply the provided patches and restrict command line access to essential personnel only. Proactive monitoring and regular security assessments are also recommended to prevent similar vulnerabilities from being exploited. Addressing this vulnerability is crucial to maintaining the security and stability of affected systems.
Severity: MEDIUM
Description: IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Score: 5.4
D
1. Risk Assessment
The vulnerability CVE-2024-51463 affects IBM i versions 7.3, 7.4, and 7.5 and is a server-side request forgery (SSRF) vulnerability. This means an authenticated attacker can cause the IBM i system to make requests to destinations of the attacker's choosing. The base CVSS score is 5.4 (Medium), indicating a moderate level of risk. The vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N shows network accessibility, low attack complexity, low privileges required (an authenticated user), no user interaction, and limited impact on confidentiality and integrity with none on availability. The EPSS score of 0.01147 suggests a relatively low, but present, probability of exploitation in the wild. The business impact could range from information disclosure through network enumeration to compromise of backend systems that are reachable from the IBM i server but not from the attacker directly. The likelihood of exploitation is moderate because an account is required, but the ease of exploitation is high given the low attack complexity. The confidentiality and integrity impacts are rated low: the attacker is unlikely to gain full control of the IBM i system itself, but can read from or send data to internal services in its name.
2. Potential Attack Scenarios
An authenticated user with access to a feature that accepts a URL or file path can exploit this vulnerability. For example, if the IBM i system has a web interface allowing users to download files from a specified URL, an attacker could provide an internal URL (e.g., http://localhost:8080/admin_page) as the download source. The IBM i system, when processing the request, would then fetch that internal URL on behalf of the server, from the server's own network position. If the internal URL isn't protected by more than network location, the attacker could reach administrative pages, potentially leading to configuration changes or information disclosure; the same applies to internal hostnames, IP literals in private or link-local ranges, and any redirect the server follows. The attack vector is network-based, initiated by an authenticated user. The attack process involves crafting a malicious URL as part of a legitimate request, triggering the SSRF. The potential outcome is the attacker gaining access to internal resources normally protected from external access, leading to data enumeration or modification, potentially impacting business operations.
3. Mitigation Recommendations
The primary mitigation is to apply the fix provided by IBM. Refer to the IBM support page for the appropriate PTF (Program Temporary Fix) for your specific IBM i version: https://www.ibm.com/support/pages/node/7179509. In addition to patching, consider implementing these mitigations:
* Input Validation: Validate all user-supplied URLs or file paths against an allow-list of schemes, hosts and ports; reject IP literals and credentials in the URL, resolve the hostname and refuse loopback, link-local and private ranges, and connect to the resolved address rather than resolving again (DNS rebinding). Apply the same checks to any redirect target.
* Network Segmentation: Segment the network to limit the impact of a successful SSRF attack. Restrict access from the IBM i server to only necessary internal resources.
* Egress Filtering: A WAF inspects inbound requests and does not see the server's own outbound fetches; instead route outbound HTTP from the IBM i system through a forward proxy with an allow-list, or apply host and network firewall rules, so the server cannot reach arbitrary internal addresses.
* Least Privilege: Ensure authenticated users have only the minimum necessary privileges to perform their tasks, reducing the attack surface. Regularly review user permissions.
4. Executive Summary
IBM i versions 7.3, 7.4, and 7.5 are vulnerable to a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-51463). This allows an authenticated attacker to make unauthorized requests from the IBM i system, potentially exposing internal resources or allowing for data modification. While the risk is assessed as medium, the vulnerability should be addressed promptly, as successful exploitation could lead to network enumeration and potential compromise of backend systems. The most effective mitigation is to apply the patch released by IBM, available at https://www.ibm.com/support/pages/node/7179509. Additional measures, such as input validation and network segmentation, can further reduce the risk. Addressing this vulnerability is important to protect the confidentiality and integrity of data processed by the IBM i system and to maintain overall business operations.
Severity: MEDIUM
Description: IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
CVSS Score: 4.3
D
1. Risk Assessment
The vulnerability CVE-2024-51464 affects IBM i versions 7.3, 7.4, and 7.5, allowing authenticated attackers to bypass Navigator for i interface restrictions. It is classified as a bypass via an alternate path or channel (CWE-288): the restriction is applied by the Navigator for i interface, and a request that does not go through that interface as intended is not subject to it. This means a user who is already authenticated to the IBM i system, but has limited privileges within Navigator for i, can perform operations they would not normally be authorized to perform there. The base CVSS score of 4.3 (Medium) indicates a moderate risk. The likelihood of exploitation is moderate, as it requires an authenticated user. Crafting the request requires some knowledge of the underlying operations Navigator for i invokes, but once known it is repeatable. The impact is primarily on integrity: an attacker could modify data or perform actions they should not be able to. Confidentiality and availability are less directly impacted, but could be affected as a consequence of compromised integrity. Business impact could range from minor data inconsistencies to more significant operational disruptions depending on the specific operations the attacker can perform. The EPSS score of 0.00447 indicates a relatively low, but present, probability of exploitation in real-world scenarios.
2. Potential Attack Scenarios
An attacker, already authenticated to the IBM i system with limited Navigator for i privileges, could craft a specific request designed to bypass the interface restrictions. For example, a user with read-only access to a specific file share through Navigator for i could construct a request that allows them to modify or delete files in that share. The attack vector is network-based, meaning the attacker can exploit the vulnerability remotely. The attack process involves the attacker identifying a resource they wish to manipulate, crafting a request that leverages the bypass, and sending the request to the IBM i system. The potential outcome is unauthorized modification or deletion of data, potentially leading to data corruption, operational disruptions, or even a compromised system if the attacker can escalate privileges through the bypass.
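The difference between a restriction enforced by the interface and one enforced per request, as an added example that is not IBM's code and makes no claim about how Navigator for i is implemented. A vulnerable handler trusts a client-supplied flag that mirrors whether the menu item was enabled, so a request crafted outside the UI sets the flag and gets through; the fixed handler looks up the authenticated user's role server-side for the specific operation on every request and records refusals for the privilege review and monitoring recommended above. The operations, roles and users are constructed for illustration.

```javascript
// Added example (not IBM's code): UI-only restriction versus per-request
// server-side authorization, with an audit trail of refused operations.

// Server-side authority table: which operations each role may invoke.
const AUTHORITY = {
  viewer: new Set(["file.read", "file.list"]),
  operator: new Set(["file.read", "file.list", "file.write", "job.end"]),
};

// Constructed users; the role comes from the user profile, never from the client.
const USERS = { alice: "viewer", bob: "operator" };

// Audit trail of refused operations, for review.
const denials = [];

// Vulnerable pattern: the only gate is a flag the client sends ("the menu item
// was enabled"), so a request crafted outside the UI simply sets it.
function handleVulnerable(request) {
  if (!request.uiAllowed) return { status: 403, body: "not permitted" };
  return { status: 200, body: `${request.op} done for ${request.user}` };
}

// Fixed pattern: authority is decided server-side from the authenticated
// user's role and the requested operation, for every request; the client's
// flag is ignored entirely.
function handleFixed(request, users = USERS, authority = AUTHORITY, log = denials) {
  const role = users[request.user];
  if (!role || !authority[role].has(request.op)) {
    log.push({ user: request.user, op: request.op, at: Date.now() });
    return { status: 403, body: `${request.user} not permitted: ${request.op}` };
  }
  return { status: 200, body: `${request.op} done for ${request.user}` };
}

// A request built outside the UI, as in the attack scenario above: the
// attacker sets whatever client-side fields they like.
function craftedRequest(user, op) {
  return { user, op, uiAllowed: true };
}

// Users with repeated refusals for operations beyond their role are candidates
// for the privilege review recommended in the mitigation section.
function usersToReview(log = denials, threshold = 3) {
  const counts = new Map();
  for (const d of log) counts.set(d.user, (counts.get(d.user) || 0) + 1);
  return [...counts].filter(([, n]) => n >= threshold).map(([user]) => user);
}

module.exports = { AUTHORITY, USERS, denials, handleVulnerable, handleFixed, craftedRequest, usersToReview };
```

The point of `handleFixed` is that the decision uses only server-held facts (who is authenticated, what they ask for); hiding a menu entry remains a usability measure, not a control.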
3. Mitigation Recommendations
The primary mitigation is to apply the PTF (Program Temporary Fix) for your IBM i release as detailed in the IBM support documentation. The link to the official IBM documentation is: https://www.ibm.com/support/pages/node/7179509. This fix addresses the Navigator for i interface restrictions so that the operations can no longer be reached by bypassing them. Immediate action should be taken to patch all affected IBM i systems (7.3, 7.4, and 7.5). In the short term, organizations should review Navigator for i user privileges and limit access to only necessary resources, minimizing the potential impact if the vulnerability is exploited. Audit the operations Navigator for i users actually perform and investigate operations carried out by users whose profile should not permit them, as a sign of exploitation attempts. Regularly review IBM security bulletins for new updates and patches related to IBM i.
4. Executive Summary
IBM i versions 7.3, 7.4 and 7.5 are affected by a medium-severity vulnerability (CVE-2024-51464) that allows authenticated users to bypass security restrictions within the Navigator for i interface. This means a user with limited access could potentially perform actions they shouldn't be authorized to, potentially leading to data modification or operational disruptions. While the vulnerability requires a specifically crafted request, the risk is present and should be addressed promptly. Applying the latest IBM i fix pack or PTF is the most effective mitigation. Addressing this vulnerability is important to maintain data integrity and ensure the smooth operation of IBM i-based applications, preventing potential business impact from unauthorized changes or disruptions. Prompt patching and review of user privileges are key to minimizing risk.