Main Vulnerability Database Vulnerabilities #VU78912

Permissions, Privileges, and Access Controls in Performance Tools for i - CVE-2023-30989

Published: August 3, 2023

Vulnerability identifier: #VU78912

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-30989

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Performance Tools for i

Software vendor:
IBM Corporation

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local attacker with command line access to the host operating system can elevate privileges to gain all object access to the host operating system.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7012353
https://exchange.xforce.ibmcloud.com/vulnerabilities/254017

Permissions, Privileges, and Access Controls in Performance Tools for i - CVE-2023-30989

Description

Remediation

External links

Please verify you're human