IBM i Database Access Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in IBM i versions 7.4 and 7.5. This issue arises from a bypass of database capabilities restriction checks, allowing a privileged actor to remove or disrupt database infrastructure files. Such actions can cause incorrect behavior in software products that depend on the database.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition by causing improper behavior in software applications that rely on the affected database.

Remediation

Users can apply PTFs to address this vulnerability. For IBM i release 7.6, the relevant PTF numbers are SJ03484, SJ03500, SJ03736, SJ03832, and SJ03857. For release 7.5, the PTF numbers are SJ03361, SJ03393, SJ03483, SJ03728, SJ03737, and SJ03833. For release 7.4, the PTF numbers are SJ03032, SJ03362, SJ03363, SJ03394, SJ03482, SJ03738, and SJ03862.
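
To confirm the PTFs above are in place on a partition, the query below reports the load status of each one; it is an added example, not part of the original advisory or IBM's own tooling. It assumes the QSYS2.PTF_INFO catalog view is available and that the filter value is set to the release of the system being checked.

```sql
-- Added example. PTF numbers are the ones listed in this advisory.
-- Assumption: run from an SQL interface on the IBM i partition being checked
-- (for example ACS Run SQL Scripts), with QSYS2.PTF_INFO available.
WITH wanted (os_release, ptf_id) AS (
  VALUES
    ('7.6', 'SJ03484'), ('7.6', 'SJ03500'), ('7.6', 'SJ03736'),
    ('7.6', 'SJ03832'), ('7.6', 'SJ03857'),
    ('7.5', 'SJ03361'), ('7.5', 'SJ03393'), ('7.5', 'SJ03483'),
    ('7.5', 'SJ03728'), ('7.5', 'SJ03737'), ('7.5', 'SJ03833'),
    ('7.4', 'SJ03032'), ('7.4', 'SJ03362'), ('7.4', 'SJ03363'),
    ('7.4', 'SJ03394'), ('7.4', 'SJ03482'), ('7.4', 'SJ03738'),
    ('7.4', 'SJ03862')
)
SELECT w.os_release,
       w.ptf_id,
       -- No row in PTF_INFO means the PTF was never loaded on this system.
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS ptf_status,
       CASE
         -- SUPERSEDED means a later PTF that contains this fix is in place.
         WHEN p.PTF_LOADED_STATUS IN
              ('APPLIED', 'PERMANENTLY APPLIED', 'SUPERSEDED')
           THEN 'OK'
         -- LOADED but not applied, NOT LOADED, DAMAGED, or absent.
         ELSE 'ACTION NEEDED'
       END AS verdict
FROM wanted w
LEFT JOIN QSYS2.PTF_INFO p
       ON p.PTF_IDENTIFIER = w.ptf_id
WHERE w.os_release = '7.5'   -- set to the release of this partition
ORDER BY verdict, w.ptf_id;
```

A PTF reported as NOT ON SYSTEM may still be covered by a superseding PTF, so confirm against the PTF cover letters before treating that row as a gap.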

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.