IBM Digital Certificate Manager for i Privilege Escalation Vulnerability via Web Session Hijacking

Vulnerability

A web session hijacking vulnerability has been identified in IBM Digital Certificate Manager for i, affecting IBM i versions 7.3, 7.4, 7.5, and 7.6. This vulnerability allows an authenticated user without administrator privileges to gain elevated rights and perform administrative actions within the Digital Certificate Manager.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling a user to perform administrative tasks in IBM Digital Certificate Manager for i.

Remediation

Users can apply a PTF to address this vulnerability. The PTF numbers for the respective IBM i versions are: 7.6 (SJ06558), 7.5 (SJ06557), 7.4 (SJ06552), and 7.3 (SJ06550).

Added: Aug 8, 2025, 3:18 PM
Updated: Aug 8, 2025, 3:18 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          5.0
exploitability  5.2
remediation     7.7
relevance       0.3
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.