CVE-2002-1731

IBM OS/400 - Unauthenticated User Enumeration via System Request Menu

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1731. PoCs published by ken@FTU.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in IBM AS/400 systems running OS/400. It explains how an authenticated user can exploit the 'System Request' menu to list all user profiles (*USRPRF objects) via a 5250 emulator.

Description

The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ken@FTU · textlocalmultiple
https://www.exploit-db.com/exploits/21283

This is a writeup describing an information disclosure vulnerability in IBM AS/400 systems running OS/400. It explains how an authenticated user can exploit the 'System Request' menu to list all user profiles (*USRPRF objects) via a 5250 emulator.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: IBM OS/400 (AS/400 systems)
Auth required
Prerequisites: Authenticated access to AS/400 system · 5250 emulator
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8179
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4059
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1003507

Scores

EPSS 0.0084
EPSS Percentile 53.3%

Details

Status published
Products (5)
ibm/os_400 v4r2
ibm/os_400 v4r3
ibm/os_400 v4r4
ibm/os_400 v4r5
ibm/os_400 v5r1
Published Dec 31, 2002
Tracked Since Feb 18, 2026