Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM i is vulnerable to a database access denial of service caused by a database capabilities bypass restriction check [CVE-2024-52895]. |
|---|---|
| Type | ibm |
| Published | 2025-04-17T17:30:50 |
| Last Seen | 2025-04-17T19:08:29 |
| CVSS Score | 6.5 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2024-52895 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
IBM i is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.
## Vulnerability Details
**CVEID:** CVE-2024-52895
**DESCRIPTION:** IBM i is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.
**CWE:** CWE-754: Improper Check for Unusual or Exceptional Conditions
**CVSS Source:** IBM
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
## Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM i | 7.6 |
| IBM i | 7.5 |
| IBM i | 7.4 |
## Remediation/Fixes
The issue can be addressed by applying PTFs to IBM i. IBM i releases 7.6, 7.5, and 7.4 will be fixed.
The IBM i 5770-SS1 PTF numbers listed below resolve the vulnerability.
| IBM i Release | 5770-SS1 PTF Numbers | PTF Download Link |
|---|---|---|
| 7.6 | SJ03484 SJ03500 SJ03736 SJ03832 SJ03857 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03484 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03500 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03736 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03832 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03857 |
| 7.5 | SJ03361 SJ03393 SJ03483 SJ03728 SJ03737 SJ03833 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03361 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03393 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03483 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03728 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03737 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03833 |
| 7.4 | SJ03032 SJ03362 SJ03363 SJ03394 SJ03482 SJ03738 SJ03862 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03032 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03362 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03363 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03394 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03482 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03738 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ03862 |
https://www.ibm.com/support/fixcentral
**_Important note:_** _IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of affected products._
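One way to check a partition against the PTF list in this section, as an added example that is not part of IBM's bulletin. It assumes the `QSYS2.PTF_INFO` and `SYSIBMADM.ENV_SYS_INFO` SQL services are available on the system; the PTF numbers are copied from the Remediation/Fixes table.

```sql
-- Added example: report the status of each CVE-2024-52895 PTF that applies
-- to the release this partition is running. Run from ACS Run SQL Scripts or STRSQL.
WITH required (ibm_i_release, ptf_id) AS (
  VALUES
    -- IBM i 7.6
    ('7.6', 'SJ03484'), ('7.6', 'SJ03500'), ('7.6', 'SJ03736'),
    ('7.6', 'SJ03832'), ('7.6', 'SJ03857'),
    -- IBM i 7.5
    ('7.5', 'SJ03361'), ('7.5', 'SJ03393'), ('7.5', 'SJ03483'),
    ('7.5', 'SJ03728'), ('7.5', 'SJ03737'), ('7.5', 'SJ03833'),
    -- IBM i 7.4
    ('7.4', 'SJ03032'), ('7.4', 'SJ03362'), ('7.4', 'SJ03363'),
    ('7.4', 'SJ03394'), ('7.4', 'SJ03482'), ('7.4', 'SJ03738'),
    ('7.4', 'SJ03862')
)
SELECT r.ibm_i_release,
       r.ptf_id,
       -- No row in PTF_INFO means the PTF was never loaded on this system.
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS loaded_status,
       p.PTF_IPL_ACTION,           -- pending action at the next IPL, if any
       p.PTF_SUPERSEDED_BY_PTF     -- later PTF that replaces this one, if any
  FROM required r
  -- Keep only the rows for the release this partition is running.
  JOIN SYSIBMADM.ENV_SYS_INFO s
    ON r.ibm_i_release = TRIM(s.OS_VERSION) CONCAT '.' CONCAT TRIM(s.OS_RELEASE)
  -- LEFT JOIN so that missing PTFs still appear in the report.
  LEFT JOIN QSYS2.PTF_INFO p
    ON p.PTF_PRODUCT_ID = '5770SS1'
   AND p.PTF_IDENTIFIER = r.ptf_id
 ORDER BY r.ptf_id;
```

A row reported as `NOT ON SYSTEM` or superseded is not necessarily a gap: check whether the PTF named in `PTF_SUPERSEDED_BY_PTF`, or a later cumulative package containing the fix, is applied before treating the system as unpatched.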
## Workarounds and Mitigations
None.
## Impact Assessment
| Base Score | 6.5 |
|---|---|
| Severity | MEDIUM |