IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
Metrics
Affected Vendors & Products
References
History
Tue, 31 Dec 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 25 Dec 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-644 |
Wed, 25 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | IBM i improper HTTP header neutralization | IBM i authentication bypass |
Weaknesses | CWE-288 |
Tue, 24 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 21 Dec 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | |
Title | IBM i improper HTTP header neutralization | |
First Time appeared |
Ibm
Ibm i |
|
Weaknesses | CWE-644 | |
CPEs | cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm i |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published: 2024-12-21T13:44:59.157Z
Updated: 2025-01-06T17:30:33.565Z
Reserved: 2024-10-28T10:50:10.475Z
Link: CVE-2024-51464

Updated: 2024-12-31T07:02:42.570Z

Status : Awaiting Analysis
Published: 2024-12-21T14:15:21.627
Modified: 2024-12-31T07:15:11.307
Link: CVE-2024-51464

No data.