CVE-2026-7770
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.
All CVEs associated with "IBM iSeries".
A curated feed of “IBM iSeries”-related CVEs appears below. We currently track 71 CVEs for this tag (all time). In the last 365 days, 12 were published. Average CVSS is 6.8 (all time; 7.6 over 365d), and 51% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-250 - Execution with Unnecessary Privileges, CWE-427 - Uncontrolled Search Path Element.
In our taxonomy this topic maps to a LOW impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Each detail page highlights vendor advisories and mitigation tips.
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Extended Support | EOL | LTS |
|---|---|---|---|---|---|
| 7.6 | 7.6.0 | Unavailable | - | | |
| 7.5 | 7.5.0 | Unavailable | - | | |
| 7.4 | 7.4.0 | Unavailable | Soon | | |
| 7.3 | 7.3.0 | Expired | | | |
| 7.2 | 7.2.0 | Expired | | | |
| 7.1 | 7.1.0 | Unavailable | Expired | | |
| 6.1 | 6.1.0 | Expired | | | |
| 5.4 | 5.4 | Expired | | | |
| 5.3 | 5.3 | Expired | | | |
| 5.2 | 5.2 | Unavailable | Expired | | |
| 5.1 | 5.1 | Unavailable | Expired | | |
| 4.5 | 4.5 | Expired | | | |
| 4.4 | 4.4 | Expired | | | |
| 4.3 | 4.3 | Unavailable | Expired | | |
| 4.2 | 4.2 | Expired | | | |
| 4.1 | 4.1 | Unavailable | Expired | | |
| 3.7 | 3.7 | Unavailable | Expired | | |
| 3.2 | 3.2 | Unavailable | Expired | | |
| 3.6 | 3.6 | Unavailable | Expired | | |
| 3.1 | 3.1 | Unavailable | Expired | | |
| 3.0 | 3.0.5 | Unavailable | Expired | | |
| 2.3 | 2.3 | Unavailable | Expired | | |
| 2.2 | 2.2 | Unavailable | Expired | | |
| 2.1 | 2.1.1 | Unavailable | Expired | | |
Legend: Maintained; Soon (≤ 180 days); Expired.
CVEs tagged with this topic.
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th…
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to ru…
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see informatio…
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user…
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially…
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as…
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authe…
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all…
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to ru…
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled…
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating syste…
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in…
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the…
IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the h…
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-…
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database…
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint…
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remot…
IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network e…
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes withou…
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system ca…
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical…
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SS…
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-…
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified…
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run…
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS config…
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with t…
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage…
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations o…
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a…
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can explo…
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can explo…
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system c…
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component a…
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevat…
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges…
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elev…
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specia…
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerabil…
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential…
IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID:…
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le…
IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.
IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could e…
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the pr…
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized netwo…
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Fo…
IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia…
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect proc…
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker co…
IBM i 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, rela…
Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1.
IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379.
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the da…
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcert…
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file.
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attack…
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertise…
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/…
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.