CVE-2024-27264

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
I	Ibm	7.2 (including)	7.2 (including)
I	Ibm	7.3 (including)	7.3 (including)
I	Ibm	7.4 (including)	7.4 (including)
I	Ibm	7.5 (including)	7.5 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/284563
https://www.ibm.com/support/pages/node/7154595
https://exchange.xforce.ibmcloud.com/vulnerabilities/284563
https://www.ibm.com/support/pages/node/7154595

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-27264
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References