New vulnerabilities were reported in IBM’s security bulletin at the end of October (CVE-2023-40685, CVE-2023-40686).
IBM i is vulnerable to local privilege escalation due to flaws in “Management Central”, and these vulnerabilities exist even when the centralized management software is not being used for system management tasks.
A malicious actor with command-line access to the operating system can exploit this vulnerability to elevate their privileges and gain access to operating system components.
The CVSS score of this vulnerability is 4.9, so we advise you to take this into account and apply the patches as described in the remediation/corrections section on IBM’s website (Security Bulletin: IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686)) or in the attached screenshot: