Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.
Max CVSS: 4.7; EPSS Score: 0.04%; Published: 2008-06-16; Updated: 2017-08-08
Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
Max CVSS: 4.3; EPSS Score: 0.19%; Published: 2008-02-12; Updated: 2011-03-08
IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.
Max CVSS: 7.8; EPSS Score: 3.16%; Published: 2007-07-03; Updated: 2017-07-29
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
Max CVSS: 5.0; EPSS Score: 0.40%; Published: 2007-01-23; Updated: 2008-11-15
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
Max CVSS: 10.0; EPSS Score: 0.16%; Published: 2006-12-31; Updated: 2008-09-05
Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.
Max CVSS: 5.0; EPSS Score: 0.40%; Published: 2005-05-02; Updated: 2017-07-11
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
Max CVSS: 2.1; EPSS Score: 0.16%; Published: 2005-05-02; Updated: 2016-10-18
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2002-12-31; Updated: 2017-07-11
8 vulnerabilities found