← Back

CVE-2024-47104

nvd nist
Published: Dec 18, 2024Modified: Jul 3, 2025

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: psirt@us.ibm.com (Secondary)

Description

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges.

Affected (2)

Products: Ibm: I
Ibm
1 product
I
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
I
Version 7.4
I
Version 7.5
Running on/withPlatform Versions
Ibm
I
All versions

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.