CVE-2024-35122 in IBMinfo

Summary

by MITRE • 01/24/2025

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/04/2025

The vulnerability identified as CVE-2024-35122 affects IBM i operating systems version 7.2 through 7.5, presenting a significant local denial of service risk through insufficient authority checks. This weakness stems from improper privilege validation mechanisms that allow unauthorized local users to manipulate database referential constraints, fundamentally undermining system integrity and availability. The flaw specifically targets the file level access controls within IBM i's database management system, creating a pathway for malicious actors to disrupt normal operations through deliberate constraint manipulation.

The technical implementation of this vulnerability involves a privilege escalation vector where a non-privileged local user can exploit social engineering techniques to gain access to target files through legitimate user accounts. This mechanism bypasses standard authorization controls by leveraging the trust relationships between user sessions and database objects. The referential constraint configuration process fails to properly validate the requesting user's authority level, allowing unauthorized modifications that can result in cascading failures within the database subsystem. This represents a classic case of insufficient authorization checking that aligns with CWE-284, which addresses inadequate access control mechanisms.

The operational impact of this vulnerability extends beyond simple denial of service to encompass potential data integrity compromise and system instability. When a malicious user successfully configures inappropriate referential constraints, they can trigger cascading failures that may render target files inaccessible or cause database corruption. The local nature of the attack means that physical or network access to the system is sufficient to exploit this vulnerability, making it particularly concerning for environments where user access controls are not strictly enforced. The consequences can range from temporary service disruption to complete database unavailability, depending on the scope of the affected constraints and the criticality of the targeted data.

Organizations should implement immediate mitigations including enhanced user access controls, mandatory privilege reviews, and monitoring for unauthorized constraint modifications. System administrators must verify that all database users possess appropriate authorization levels and that social engineering vectors are addressed through comprehensive security awareness training. The implementation of automated monitoring solutions that detect unusual constraint configuration activities can provide early warning of potential exploitation attempts. Additionally, regular security assessments should validate that the system properly enforces authorization requirements and that privilege escalation paths are properly closed. This vulnerability demonstrates the critical importance of maintaining strict access controls in database environments and aligns with ATT&CK technique T1078 for valid accounts and T1499 for network denial of service, emphasizing the need for layered security approaches to protect against both insider and external threats.

Responsible

Ibm

Reservation

05/09/2024

Disclosure

01/24/2025

Moderation

accepted

CPE

ready

EPSS

0.00168

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!