First published: Wed Dec 21 2022(Updated: )
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
Credit: psirt@us.ibm.com psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM i | =7.3 | |
IBM i | =7.4 | |
IBM i | =7.5 | |
IBM i | <=7.5 | |
IBM i | <=7.4 | |
IBM i | <=7.3 | |
=7.3 | ||
=7.4 | ||
=7.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this IBM Navigator for i vulnerability is CVE-2022-43860.
Versions 7.3, 7.4, and 7.5 of IBM Navigator for i are affected by this vulnerability.
The severity rating for this IBM Navigator for i vulnerability is medium, with a value of 4.3.
An authenticated user can exploit this vulnerability by performing an SQL injection to obtain sensitive information they are authorized to.
Please refer to the IBM support page for information on available fixes for this vulnerability.