PT-2024-32410 · IBM · IBM i

Published: 2024-12-18 · Updated: 2025-07-03 · CVE-2024-47104

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.4 and 7.5
Description: The issue allows an authenticated user to gain elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. This can be exploited by a malicious actor to perform actions restricted by their view privileges.
Recommendations: For IBM i versions 7.4 and 7.5, consider restricting access to views that are based on physical files to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the ability for users to alter physical file security attributes without object management rights. Restrict access to physical files to only those users who require it, based on the principle of least privilege.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2024-47104

Affected Products

IBM i