Every CVE whose affected-product data names Ibm I, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (64)
CVE-2022-22495 — CVSS 8.8 (high): IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow…
CVE-2026-7870 — CVSS 8.8 (high): IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could…
CVE-2025-36367 — CVSS 8.8 (high): IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A…
CVE-2025-36004 — CVSS 8.8 (high): IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for…
CVE-2023-30990 — CVSS 8.6 (high): IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture…
CVE-2025-33108 — CVSS 8.5 (high): IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain…
CVE-2025-33103 — CVSS 8.5 (high): IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A…
CVE-2013-5385 — CVSS 8.5 (high): The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE…
CVE-2024-55898 — CVSS 8.5 (high): IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an…
CVE-2024-25050 — CVSS 8.4 (high): IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a…
CVE-2023-30988 — CVSS 8.4 (high): The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor…
CVE-2023-30989 — CVSS 8.4 (high): IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line…
CVE-2023-38721 — CVSS 8.4 (high): The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor…
CVE-2023-42006 — CVSS 8.4 (high): IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper…
CVE-2024-22346 — CVSS 8.4 (high): Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library…
CVE-2021-20501 — CVSS 8.2 (high): IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server…
CVE-2026-9072 — CVSS 8.1 (high): IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere…
CVE-2024-31890 — CVSS 7.8 (high): IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious…
CVE-2017-1460 — CVSS 7.5 (high): IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which…
CVE-2025-33109 — CVSS 7.5 (high): IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could…
CVE-2026-8858 — CVSS 7.5 (high): IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service…
CVE-2026-1376 — CVSS 7.5 (high): IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of…
CVE-2024-31879 — CVSS 7.5 (high): IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the…
CVE-2025-33122 — CVSS 7.5 (high): IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job…
CVE-2024-27264 — CVSS 7.4 (high): IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call…
CVE-2023-40685 — CVSS 7.4 (high): Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor…
CVE-2023-40375 — CVSS 7.4 (high): Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with…
CVE-2024-27275 — CVSS 7.4 (high): IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local…
CVE-2025-2947 — CVSS 7.2 (high): IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the…
CVE-2025-36119 — CVSS 7.1 (high): IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i…
CVE-2024-38330 — CVSS 7.0 (high): IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program…
CVE-2023-43064 — CVSS 7.0 (high): Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call…
CVE-2024-47104 — CVSS 6.8 (medium): IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can…
CVE-2025-36371 — CVSS 6.5 (medium): IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user…
CVE-2024-52895 — CVSS 6.5 (medium): IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A…
CVE-2021-39056 — CVSS 6.5 (medium): The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially…
CVE-2026-6936 — CVSS 6.5 (medium): IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language…
CVE-2023-23470 — CVSS 6.4 (medium): IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default…
CVE-2026-2311 — CVSS 6.4 (medium): IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization…
CVE-2019-4536 — CVSS 6.3 (medium): IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have…
CVE-2022-43859 — CVSS 6.3 (medium): IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized…
CVE-2019-4040 — CVSS 6.1 (medium): IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
CVE-2021-38876 — CVSS 6.1 (medium): IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2019-4450 — CVSS 6.1 (medium): IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2026-10852 — CVSS 5.9 (medium): IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere…
CVE-2019-4381 — CVSS 5.5 (medium): IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection…
CVE-2025-3218 — CVSS 5.4 (medium): IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i…
CVE-2024-51463 — CVSS 5.4 (medium): IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized…
CVE-2024-55896 — CVSS 5.4 (medium): IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could…
CVE-2025-2950 — CVSS 5.4 (medium): IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by…
CVE-2022-34358 — CVSS 5.4 (medium): IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2023-47741 — CVSS 5.3 (medium): IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be…
CVE-2024-31878 — CVSS 5.3 (medium): IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can…
CVE-2022-22481 — CVSS 5.3 (medium): IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid…
CVE-2023-40377 — CVSS 4.9 (medium): Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious…
CVE-2023-40686 — CVSS 4.9 (medium): Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor…
CVE-2023-40378 — CVSS 4.9 (medium): IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host…
CVE-2022-43857 — CVSS 4.3 (medium): IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but…
CVE-2022-43858 — CVSS 4.3 (medium): IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to…
CVE-2022-43860 — CVSS 4.3 (medium): IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not…
CVE-2024-51464 — CVSS 4.3 (medium): IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an…
CVE-2020-4345 — CVSS 3.3 (low): IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain…
CVE-2024-31870 — CVSS 3.3 (low): IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated…
CVE-2024-35122 — CVSS 2.8 (low): IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local…