{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35122", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-05-09T16:27:14.739Z", "datePublished": "2025-01-24T17:27:26.745Z", "dateUpdated": "2025-09-29T15:10:26.137Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.3"}, {"status": "affected", "version": "7.4"}, {"status": "affected", "version": "7.5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file."}], "value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-29T15:10:26.137Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7178317"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35122", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T17:48:19.223233Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:01:14.947Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35122", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T17:48:19.223233Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:54:15.149Z"}}], "cna": {"title": "IBM i denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "i", "versions": [{"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.3"}, {"status": "affected", "version": "7.4"}, {"status": "affected", "version": "7.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7178317", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.", "supportingMedia": [{"type": "text/html", "value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-29T15:10:26.137Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35122", "state": "PUBLISHED", "dateUpdated": "2025-09-29T15:10:26.137Z", "dateReserved": "2024-05-09T16:27:14.739Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-01-24T17:27:26.745Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E41BD05-37B8-4494-9344-506D4BCF43C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88B74622-BDB2-43AE-A91F-FADEC4B64B4F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file."}, {"lang": "es", "value": "IBM i 7.2, 7.3, 7.4 y 7.5 es vulnerable a una denegaci\u00f3n de servicio local a nivel de archivo causada por un requisito de autoridad insuficiente. Un usuario local sin privilegios puede configurar una restricci\u00f3n referencial con los privilegios de un usuario dise\u00f1ado socialmente para acceder al archivo de destino."}], "id": "CVE-2024-35122", "lastModified": "2025-09-29T16:15:33.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2025-01-24T18:15:31.680", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7178317"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}