Advisory

Critical vulnerability discovered in IBM i Systems (AS/400) software

Take action: Every system has vulnerabilities, even IBM i Series. Their relative rarity means that very few people bother researching vulnerabilities in them until such research can be automated. Then even rare and expensive systems become fair game. So patch your "unhackable" systems, because they are not.


Learn More

Silent Signal, a provider of ethical hacking services, has discovered a Remote Code Execution vulnerability (CVE-2023-30990) and reported it to IBM. The vulnerability enables unauthorized attackers to access servers and infiltrate sensitive corporate assets, including the central server, database server, file server, and network drive server.

This finding emphasizes the need for a paradigm shift in prioritizing security oversight of IBM i Systems: for decades they have been known for their inherent security, and nobody really bothered to test them much. This finding changes the context: it is possible to attack such a system, although it is still prohibitively expensive for malicious attackers to research those systems.

Affected Product(s)    Version(s)
IBM i                  7.5
IBM i                  7.4
IBM i                  7.3
IBM i                  7.2

 

The IBM i PTF numbers for IBM i 5770-SS1 Base Operating System contain the fix for the vulnerability.

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.

For those fluent in the commands of IBM i Series, the attack involves an "exploit in the DDM architecture, which enables attackers to execute a CL command as QUSER within a mere 5 seconds using a single IP address", raising concerns about potential unauthorized access to sensitive information.

 

Recommended actions for affected users are provided in IBM's latest Security Bulletin CVE-2023-30990.
