Daily Tech News, Interviews, Reviews and Updates

Silent Signal Discovered a Critical Vulnerability in IBM i System – CVE-2023-30990

IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture – IBM i users are advised to urgently apply the security patch provided by IBM

BUDAPEST, Hungary, July 07, 2023 (GLOBE NEWSWIRE) — Silent Signal, a leading technology provider of state-of-the-art ethical hacking services and solutions, discovered and reported a vulnerability to IBM, that has been confirmed and identified under CVE-2023-30990. The Remote Code Execution vulnerability permits unauthorized attackers to access the server, enabling perpetrators to infiltrate sensitive corporate assets and block ongoing business-critical services including the central server, database server, file server, and network drive server.

The time has come to proactively securing IBM i Systems
“It is time to prioritize proactively securing IBM i (formerly known as AS/400) infrastructures. This necessitates a shift in paradigm for both security professionals and vendors, as IBM i Systems have been renowned for their inherent security. The recently discovered exploit in the DDM architecture, which enables attackers to execute a CL command as QUSER within a mere 5 seconds using a single IP address, highlights the need for further investigation into potential security concerns in IBM i Systems. The vulnerability identified by our team allows unauthorized entry for attackers using workstation user credentials, potentially granting access to sensitive information. This compromises critical business processes and leaves the network vulnerable to potential privilege escalation” – Zoltán Pánczél, co-founder and Head of Silent Signal Security Lab at Silent Signal, explained.

Discovery and exploitation of the legendary IBM i System
Read the detailed technical description in Silent Signal’s ethical hacking blog and learn how they discovered and exploited the unauthenticated RCE in IBM i DDM Service.

Affected product(s) and version(s) are IBM i 7.2, IBM i 7.3, IBM i 7.4 and IBM i 7.5 users.

Recommended actions for affected users are provided in IBM’s latest Security Bulletin CVE-2023-30990.

IBM i users are strongly advised to prioritize regular scanning, vulnerability remediation, and patching to ensure the security of their systems. Read more about how to secure your IBM i Servers to meet compliance requirements.

About Silent Signal  

Silent Signal is an independent information security company providing state-of-the-art ethical hacking services and solutions. It helps its customers recognize the threats endangering their business, identify vulnerabilities affecting their systems and plan their defense strategy to protect their most valuable assets. Silent Signal is headquartered in Budapest Hungary, having clients from the financial, telco, government, and industry sectors from 30 countries.
For more information, visit https://silentsignal.eu/

Media Contact
Andrea Ipolyi
Silent Signal
[email protected]

Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. TheTechOutlook.com takes no editorial responsibility for the same.



Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
You might also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More