CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7157637	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/285203	VDB Entry
https://www.ibm.com/support/pages/node/7157637	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:i:7.2:::::::*
	cpe:2.3:a:ibm:i:7.3:::::::*
	cpe:2.3:a:ibm:i:7.4:::::::*
	cpe:2.3:a:ibm:i:7.5:::::::*

History

29 Sep 2025, 15:16

Type	Values Removed	Values Added
Summary	(en) IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203.	(en) IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.
CWE		CWE-266

21 Nov 2024, 09:04

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - VDB Entry
References	~~() https://www.ibm.com/support/pages/node/7157637 - Vendor Advisory~~	() https://www.ibm.com/support/pages/node/7157637 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.4

03 Aug 2024, 12:15

Type	Values Removed	Values Added
CWE	~~CWE-264~~

01 Aug 2024, 20:35

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:i:7.4:::::::* cpe:2.3:a:ibm:i:7.2:::::::* cpe:2.3:a:ibm:i:7.3:::::::* cpe:2.3:a:ibm:i:7.5:::::::*
First Time		Ibm Ibm i
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - VDB Entry
References	~~() https://www.ibm.com/support/pages/node/7157637 -~~	() https://www.ibm.com/support/pages/node/7157637 - Vendor Advisory
CWE		CWE-287
CVSS	v2 : ~~unknown~~ v3 : ~~7.4~~	v2 : unknown v3 : 7.8

17 Jun 2024, 12:42

Type	Values Removed	Values Added
Summary		(es) IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local causada por un requisito de autoridad insuficiente. Un usuario local sin privilegios de administrador puede configurar un activador de archivo físico para ejecutarlo con los privilegios de un usuario manipulado socialmente para acceder al archivo de destino. La corrección consiste en requerir privilegios de administrador para configurar la compatibilidad con activadores. ID de IBM X-Force: 285203.

15 Jun 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-15 14:15

Updated : 2025-09-29 15:16

NVD link : CVE-2024-27275

Mitre link : CVE-2024-27275

CVE.ORG link : CVE-2024-27275

JSON object : View

Products Affected

ibm

CWE

CWE-266

Incorrect Privilege Assignment

CWE-287

Improper Authentication

7.4 /10