CVE-2024-31878

Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.5 Service Tools Server (SST)

Description The issue is related to the disclosure of information through inconsistency, allowing a remote attacker to gather information about SST users that can be targeted in further attacks. This can be used by a malicious actor to exploit the vulnerability and potentially launch further attacks.

Recommendations For IBM i versions 7.2 through 7.5, consider restricting access to the Service Tools Server (SST) to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the information disclosed by SST to prevent user enumeration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.