Ibm

Iseries As 400

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-1025

Exploit
  • EPSS 0.42%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.

5

CVE-2005-1133

  • EPSS 0.31%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.

7.5

CVE-2005-1238

  • EPSS 0.45%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.