CVE-2022-43860: SQL Injection
First published: Wed Dec 21 2022(Updated: )
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM i | <=7.5 | |
| IBM i | <=7.4 | |
| IBM i | <=7.3 | |
| IBM i | =7.3 | |
| IBM i | =7.4 | |
| IBM i | =7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM Navigator for i vulnerability?
The vulnerability ID for this IBM Navigator for i vulnerability is CVE-2022-43860.
Which versions of IBM Navigator for i are affected by this vulnerability?
Versions 7.3, 7.4, and 7.5 of IBM Navigator for i are affected by this vulnerability.
What is the severity rating for this IBM Navigator for i vulnerability?
The severity rating for this IBM Navigator for i vulnerability is medium, with a value of 4.3.
How can an authenticated user exploit this vulnerability?
An authenticated user can exploit this vulnerability by performing an SQL injection to obtain sensitive information they are authorized to.
Is there a fix available for this vulnerability?
Please refer to the IBM support page for information on available fixes for this vulnerability.
- collector/ibm-support
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- vendor/ibm
- canonical/ibm i
- version/ibm i/7.5
- version/ibm i/7.4
- version/ibm i/7.3