Impact
The vulnerability allows a user to gain administrator privileges through an unqualified library call. A malicious actor could cause user‑controlled code to execute with administrator rights. The primary impact is that the attacker can obtain elevated privileges, enabling them to control the system.
Affected Systems
Affected systems are IBM i releases 7.3, 7.4, 7.5, and 7.6. IBM has released specific points‑in‑time fixes (PTFs) for each release: 7.6 (SJ09689, SJ09666, SJ10017, SJ09859), 7.5 (SJ09688, SJ09665, SJ09699, SJ10015, SJ09855), 7.4 (SJ09690, SJ09664, SJ09701, SJ10028, SJ09851), and 7.3 (SJ09691, SJ09663, SJ10018, SJ09837). The vendor recommends upgrading to a supported fixed release such as IBM i Release 5770‑SS1.
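To check a partition against the PTF list above, the following query (an added example, not taken from IBM's bulletin) joins that list to the QSYS2.PTF_INFO and SYSIBMADM.ENV_SYS_INFO services and returns the PTFs for the running release that are not yet in effect. It assumes every PTF listed for a release is required and that releases appear as V7RnM0; the CTE names are illustrative.

```sql
-- Required PTFs per release, copied from the list above.
WITH required (os_release, ptf_id) AS (
  VALUES ('V7R6M0', 'SJ09689'), ('V7R6M0', 'SJ09666'),
         ('V7R6M0', 'SJ10017'), ('V7R6M0', 'SJ09859'),
         ('V7R5M0', 'SJ09688'), ('V7R5M0', 'SJ09665'),
         ('V7R5M0', 'SJ09699'), ('V7R5M0', 'SJ10015'),
         ('V7R5M0', 'SJ09855'),
         ('V7R4M0', 'SJ09690'), ('V7R4M0', 'SJ09664'),
         ('V7R4M0', 'SJ09701'), ('V7R4M0', 'SJ10028'),
         ('V7R4M0', 'SJ09851'),
         ('V7R3M0', 'SJ09691'), ('V7R3M0', 'SJ09663'),
         ('V7R3M0', 'SJ10018'), ('V7R3M0', 'SJ09837')
),
-- Release of the partition the query runs on, built as VxRyM0 (assumed format).
this_system (os_release) AS (
  SELECT 'V' CONCAT TRIM(OS_VERSION) CONCAT 'R'
             CONCAT TRIM(OS_RELEASE) CONCAT 'M0'
    FROM SYSIBMADM.ENV_SYS_INFO
)
-- One row per required PTF that is absent or loaded but not applied.
SELECT r.os_release,
       r.ptf_id,
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS current_status,
       p.PTF_IPL_ACTION,
       p.PTF_SUPERCEDED_BY_PTF
  FROM required r
  JOIN this_system s
    ON s.os_release = r.os_release
  LEFT JOIN QSYS2.PTF_INFO p
    ON p.PTF_IDENTIFIER = r.ptf_id
 WHERE COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM')
       NOT IN ('APPLIED', 'PERMANENTLY APPLIED', 'SUPERSEDED')
 ORDER BY r.ptf_id;
```

An empty result means every listed PTF for the release is applied or superseded. A PTF reported as NOT ON SYSTEM may still be covered by a later superseding PTF that was installed without the original ever being loaded, so confirm such rows against the PTF cover letters before treating the system as exposed.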
Risk and Exploitability
The CVSS score of 8.8 indicates a high severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local user capable of influencing library resolution to launch malicious code; this inference is drawn from the mention that user‑controlled code can run with administrator privilege. Successful exploitation would grant the attacker systemwide administrative privileges.
OpenCVE Enrichment