This page lists published CVEs affecting IBM i (associated via NVD CPE). Each row includes severity metrics, a summary, and the publication date.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-10852 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server. | [email protected] | 5.9 | 0.26% | 2026-06-22 | 2026-06-30 |
| CVE-2026-9072 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in. | [email protected] | 8.1 | 0.38% | 2026-06-22 | 2026-06-24 |
| CVE-2026-8858 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in. | [email protected] | 7.5 | 0.26% | 2026-06-22 | 2026-06-24 |
| CVE-2026-7870 | IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | [email protected] | 8.8 | 0.34% | 2026-06-11 | 2026-06-17 |
| CVE-2026-6936 | IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements. | [email protected] | 6.5 | 0.24% | 2026-05-27 | 2026-06-17 |
| CVE-2026-2311 | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege. | [email protected] | 6.4 | 0.20% | 2026-04-30 | 2026-06-17 |
| CVE-2026-1376 | IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources. | [email protected] | 7.5 | 0.52% | 2026-03-17 | 2026-06-17 |
| CVE-2025-36371 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view. | [email protected] | 6.5 | 0.22% | 2025-11-19 | 2026-06-17 |
| CVE-2025-36367 | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system. | [email protected] | 8.8 | 0.26% | 2025-11-01 | 2026-06-17 |
| CVE-2025-36119 | IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. | [email protected] | 7.1 | 0.18% | 2025-08-08 | 2026-06-17 |
| CVE-2025-33109 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions. | [email protected] | 7.5 | 0.36% | 2025-07-24 | 2026-06-17 |
| CVE-2025-36004 | IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | [email protected] | 8.8 | 0.49% | 2025-06-24 | 2026-06-17 |
| CVE-2025-33122 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | [email protected] | 7.5 | 0.34% | 2025-06-17 | 2026-06-17 |
| CVE-2025-33108 | IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system. | [email protected] | 8.5 | 0.53% | 2025-06-13 | 2026-06-17 |
| CVE-2025-33103 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. | [email protected] | 8.5 | 0.36% | 2025-05-17 | 2026-06-17 |
| CVE-2025-3218 | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server. | [email protected] | 5.4 | 0.21% | 2025-05-06 | 2026-06-17 |
| CVE-2025-2950 | IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior. | [email protected] | 5.4 | 0.25% | 2025-04-18 | 2026-06-17 |
| CVE-2025-2947 | IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. | [email protected] | 7.2 | 0.36% | 2025-04-17 | 2026-06-17 |
| CVE-2024-55898 | IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | [email protected] | 8.5 | 0.40% | 2025-02-23 | 2026-06-17 |
| CVE-2024-52895 | IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database. | [email protected] | 6.5 | 0.37% | 2025-02-14 | 2026-06-17 |