July 10, 2023 Alex Woodie
Unauthenticated users can remotely run CL or PASE commands on IBM i as a result of a newly discovered vulnerability in the operating system’s Distributed Data Management (DDM) architecture. IBM issued a patch for the flaw, which it classified as moderate. However, the Hungary-based ethical hacking group that discovered the flaw, Silent Signal, recommends treating it as a high priority.
IBM disclosed the DDM security flaw and availability of program temporary fixes (PTFs) for IBM i version 7.2 through 7.5 via a security bulletin on June 30. The flaw was assigned CVE-2023-30990 by the Common Vulnerability Scoring System, and given …