CVE-2024-55898
Published: 24 February 2025
Description
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
Security Summary
CVE-2024-55898 is a privilege escalation vulnerability affecting IBM i versions 7.2, 7.3, 7.4, and 7.5, stemming from an unqualified library call (CWE-427). It enables a user with the ability to compile or restore a program to gain elevated privileges, allowing user-controlled code to execute with administrator-level access. The vulnerability carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
Exploitation requires low privileges (PR:L), specifically the capability to compile or restore programs, and can occur over the network (AV:N) without user interaction (UI:N), though it demands high attack complexity (AC:H). A malicious actor meeting these prerequisites can leverage the unqualified library call to execute arbitrary code with administrator privileges, achieving full system compromise; the changed-scope metric (S:C) reflects that the impact extends beyond the component in which the weakness resides.
IBM's security advisory, available at https://www.ibm.com/support/pages/node/7183835, provides details on the vulnerability, affected versions, and recommended mitigations, including patches for resolving the issue. Security practitioners should review this page for deployment instructions and verification steps.
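A defender-side check in the spirit of the CWE-427 weakness described above, added here as an example that is not IBM's code and does not come from the advisory: a small scanner over CL source that flags program calls resolved through the library list (either unqualified or explicitly `*LIBL`-qualified) rather than naming a library outright, since those are the call sites a library-list change can redirect. The CL program it scans is constructed for the example.

```python
import re

# Matches the PGM(...) parameter of a CL CALL command, capturing an optional
# library qualifier and the program name. IBM i object names may contain $, #, @.
_CALL_RE = re.compile(
    r"\bCALL\s+PGM\(\s*(?:(?P<lib>\*LIBL|[A-Z0-9$#@_]+)/)?(?P<pgm>[A-Z0-9$#@_]+)\s*\)",
    re.IGNORECASE,
)
_COMMENT_RE = re.compile(r"/\*.*?\*/")


def find_library_list_calls(cl_source: str) -> list[tuple[int, str, str]]:
    """Return (line_number, program, reason) for every CALL whose target is
    resolved through the library list, the CWE-427 exposure on IBM i.
    reason is 'unqualified' (no library given) or '*LIBL' (explicit list search).
    Calls qualified with a concrete library name are not reported.
    """
    findings = []
    for lineno, raw in enumerate(cl_source.splitlines(), start=1):
        line = _COMMENT_RE.sub("", raw)  # drop same-line /* ... */ comments
        for m in _CALL_RE.finditer(line):
            lib = (m.group("lib") or "").upper()
            if lib == "":
                findings.append((lineno, m.group("pgm").upper(), "unqualified"))
            elif lib == "*LIBL":
                findings.append((lineno, m.group("pgm").upper(), "*LIBL"))
    return findings


# Constructed CL program used only to exercise the scanner (hypothetical names).
SAMPLE_CL = "\n".join([
    "PGM",
    "  CALL PGM(QSYS/QCMDEXC) PARM(&CMD &LEN)   /* explicitly qualified: ok */",
    "  CALL PGM(MYUTIL) PARM(&X)               /* unqualified: list order decides */",
    "  CALL PGM(*LIBL/REPORT)                  /* explicit library-list search */",
    "  CALL PGM(MYLIB/REPORT)",
    "ENDPGM",
])

if __name__ == "__main__":
    for lineno, pgm, reason in find_library_list_calls(SAMPLE_CL):
        print(f"line {lineno}: CALL to {pgm} resolved via library list ({reason})")
```

Run against exported CL source (for example, the output of RTVCLSRC) to get a list of call sites to review for explicit qualification.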
Details
- CWE(s)