7.4
CVE-2025-36244
- EPSS 0.01%
- Veröffentlicht 16.09.2025 14:38:08
- Zuletzt bearbeitet 17.10.2025 14:34:38
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM AIX privilege escalation
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.011 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| psirt@us.ibm.com | 7.4 | 1.4 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-454 External Initialization of Trusted Variables or Data Stores
The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.