CVE-2024-35122 LOW

CVE-2024-35122: IBM i denial of service

Vendor Ibm
Product i
Weakness CWE-266
Published January 24, 2025
Last update September 29, 2025

CVSS base score

2.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.

Key dates

02Disclosure timeline

January 24, 2025 CVE published
September 29, 2025 Record updated