An improper privilege management vulnerability in IBM Performance Tools for i allows authenticated local attackers with command line access to gain all object access to the host operating system. The vulnerability can be exploited by abusing the QPFR/QAVCPP program.
A remote CL command injection in the IBM i DDM service allows unauthenticated remote attackers to execute CL commands in the context of the QUSER user account.
This update adds support for SSL services and an extra exploit stage.
JNDI features used in configuration, log messages, and parameters in Apache Log4j2 do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This library, used by IBM DB2 Web Query for IBM i, allows unauthenticated attackers to execute system commands.