Analysis Summary

CVE-2023-47726 CVSS:7.1

IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation.

CVE-2024-31870 CVSS:3.3

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks.

CVE-2024-27275 CVSS:7.4

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.

CVE-2024-22333 CVSS:4

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system.

CVE-2024-25052 CVSS:4.4

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user.

Impact

• Gain Access
• Information Disclosure
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2023-47726
• CVE-2024-31870
• CVE-2024-27275
• CVE-2024-22333
• CVE-2024-25052

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-47726

CVE-2024-31870

CVE-2024-27275

CVE-2024-22333

CVE-2024-25052