CVE-2022-43857: Path Traversal
First published: Wed Dec 21 2022(Updated: )
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM i | =7.3 | |
| IBM i | =7.4 | |
| IBM i | =7.5 | |
| IBM i | <=7.5 | |
| IBM i | <=7.4 | |
| IBM i | <=7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM Navigator for i security vulnerability?
The vulnerability ID for this IBM Navigator for i security vulnerability is CVE-2022-43857.
What is the severity rating of CVE-2022-43857?
The severity rating of CVE-2022-43857 is medium, with a value of 4.3.
Which versions of IBM Navigator for i are affected by CVE-2022-43857?
IBM Navigator for i versions 7.3, 7.4, and 7.5 are affected by CVE-2022-43857.
How can an authenticated user exploit CVE-2022-43857?
An authenticated user can exploit CVE-2022-43857 by bypassing interface checks and downloading unauthorized log files by modifying the servlet filter.
Is there a fix available for CVE-2022-43857?
To fix CVE-2022-43857, users should apply the necessary patches or updates provided by IBM.
- collector/nvd-index
- collector/ibm-support
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- vendor/ibm
- canonical/ibm i
- version/ibm i/7.3
- version/ibm i/7.4
- version/ibm i/7.5