We wanted you to be aware of the following security bulletins that have been released from IBM as of 17th July 2023. The severity for all the below is considered to be HIGH! All issues have been addressed with PTF’s which are available for V7R2, V7R3, V7R4 & V7R5 of the IBMi Operating System, and the relevant PTF’s are shown on the link for each bulletin.
The first Security Bulletin: IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988)
Product ID – 5798-FAX V5R8M0
Below is a link to the full details:
https://www.ibm.com/support/pages/node/7012355
The second Security Bulletin: IBM Performance Tools for i is vulnerable to local privilege escalation (CVE-2023-30989)
Product ID – 5770-PT1
Below is the link to the full details
https://www.ibm.com/support/pages/node/7012353
The Third Security Bulletin: IBMi is vulnerable to a remote attacker executing CL commands due to exploitation of DDM architecture as described in the vulnerability details section. IBM i has addressed the vulnerability in the DDM architecture as described in the remediation/fixes section.
Product id – 5770-SS1
https://www.ibm.com/support/pages/node/7008573
If you would like to discuss this further or if you would like Recarta to provide some remote assistance – please do not hesitate to contact us.