First published: Wed Dec 21 2022(Updated: )
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
Credit: psirt@us.ibm.com psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM i | =7.3 | |
IBM i | =7.4 | |
IBM i | =7.5 | |
IBM i | <=7.5 | |
IBM i | <=7.4 | |
IBM i | <=7.3 | |
=7.3 | ||
=7.4 | ||
=7.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this IBM Navigator for i security vulnerability is CVE-2022-43857.
The severity rating of CVE-2022-43857 is medium, with a value of 4.3.
IBM Navigator for i versions 7.3, 7.4, and 7.5 are affected by CVE-2022-43857.
An authenticated user can exploit CVE-2022-43857 by bypassing interface checks and downloading unauthorized log files by modifying the servlet filter.
To fix CVE-2022-43857, users should apply the necessary patches or updates provided by IBM.