Overview / Research / Research, CVEs & coverage

Original IBM i research, advisories and press

The complete public record: vulnerability research, the CVEs we have reported, conference talks, and media coverage of our IBM i work.

Publications

Articles & conference talks

Deep technical write-ups and talks presented at conferences including REcon and TROOPERS.

2026.06.05Article
Unauthenticated RCE as QSECOFR via IBM i Management Central
2025.10.22Article
IBM i LIBL Autopwn: Kill the Vulnerability Class
2025.09.04Article
Exploit development for IBM i
2025.01.21Article
Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions
2024.06.29Talk
Control Flow Integrity on IBM i
2024.06.26Talk
IBM i for Wintel Hackers
2023.08.22Article
Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation
2023.07.03Article
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
2023.03.30Article
Booby Trapping IBM i
2023.01.20Article
Abusing Adopted Authority on IBM i
2022.09.28Article
Another Tale of IBM i (AS/400) Hacking
2022.09.05Article
Simple IBM i (AS/400) hacking

Advisories

Public IBM i vulnerabilities reported by Silent Signal

Each entry links to the official IBM advisory.

CVEIBM advisory description
CVE-2025-36004Privilege escalation via unqualified library call in IBM Facsimile Support for i
CVE-2025-33122Privilege escalation via unqualified library call in IBM Advanced Job Scheduler for i
CVE-2025-33108Privilege escalation via unqualified library call in Backup, Recovery and Media Services for i
CVE-2024-38330Privilege escalation via unqualified library calls in Managed System Services / System Management for i
CVE-2024-31870User profile enumeration via a supplied table function in Db2 for i
CVE-2024-31878SST user profile enumeration in IBM i Service Tools Server
CVE-2024-31879Denial of service via deserialization of untrusted data in Management Central
CVE-2023-40686 / CVE-2023-40685Local privilege escalation due to flaws in Management Central
CVE-2023-40378Local privilege escalation via a flaw in IBM Directory Server for i
CVE-2023-40377Local privilege escalation in IBM Backup, Recovery & Media Services for i
CVE-2023-40375Local privilege escalation in the Integrated application server for IBM i
CVE-2023-30990CL command execution via exploitation of DDM architecture
CVE-2023-30989Local privilege escalation in IBM Performance Tools for i
CVE-2023-30988Local privilege escalation in IBM Facsimile Support for i

Coverage

News articles & videos

Independent coverage of our IBM i security research.

IT JungleNews
ACS Password Leaks Are A Security Issue On IBM i
Cyber Security NewsNews
Attackers Exploit IBM i Access Client Solutions on Windows 11 To Steal Passwords
ProximityNews
Ethical hackers uncover misconfiguration vulnerabilities in the IBM i platform
IT JungleNews
Ethical Hackers Discuss Penetration Work On IBM i
IT JungleNews
2023: An IBM i Year in Review
IT JungleNews
Spooky New Security Vulns Lurking on IBM i
Yahoo FinanceNews
Silent Signal Launches iCompliant to Provide Elevated Security for IBM i System Users
IT JungleNews
Midsummer Security Indicators: Hot and Gloomy
IT JungleNews
Serious New IBM i Vulns Exposed by Silent Signal — More On the Way
IT JungleNews
New "High Priority" DDM Vulnerability Affects IBM i
GlobeNewswireNews
Silent Signal Discovered a Critical Vulnerability in IBM i System — CVE-2023-30990
IBM TVNews
IBM Technology UKI Brunch and Learn — What You Can Do With An IP Address
IT JungleNews
White Hats Completely Dismantle Menu-Based Security
IT JungleNews
Pen Tester Silent Signal Targets IBM i

Get started

Put this research to work on your systems.

The same research behind these advisories drives every assessment, the iCompliant platform and the Exclusive Vulnerability Feed.

Talk to the research team