IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Description IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203. IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.
Weaknesses CWE-266
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-29T15:04:45.978Z

Reserved: 2024-02-22T01:26:52.587Z

Link: CVE-2024-27275

cve-icon Vulnrichment

Updated: 2024-08-02T00:27:59.967Z

cve-icon NVD

Status : Modified

Published: 2024-06-15T14:15:09.443

Modified: 2025-09-29T15:16:06.107

Link: CVE-2024-27275

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.