Main Vulnerability Database Vulnerabilities #VU84548

#VU84548 Permissions, Privileges, and Access Controls in IBM Directory Server for IBM i - CVE-2023-40378

Published: December 19, 2023

Vulnerability identifier: #VU84548

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-40378

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
IBM Directory Server for IBM i

Software vendor:
IBM Corporation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local user with command line access to the host operating system can elevate privileges to gain component access to the host operating system.

Remediation

Install updates from vendor's website.

External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/263584
https://www.ibm.com/support/pages/node/7047240