Ibm: >> Iseries As 400 >> 4.3 Security Vulnerabilities
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-05-02
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-05-02
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-02