Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-02482
HistoryDec 23, 2022 - 12:00 a.m.

IBM Navigator for I SQL Injection Vulnerability

2022-12-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
9

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

IBM Navigator for i is a console interface used in IBMi by International Business Machines (IBM) to perform and manage critical tasks in IBMi. IBM Navigator for i is vulnerable to SQL injection in versions 7.3, 7.4, and 7.5. The vulnerability stems from the application’s lack of validation of externally entered SQL statements. An authenticated attacker could use the vulnerability to view file permissions through the interface by performing UNION-based SQL injection.

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Related for CNVD-2023-02482