China National Vulnerability DatabaseCNVD-2023-02482IBM Navigator for I SQL Injection Vulnerability
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.8%
IBM Navigator for i is a console interface used in IBMi by International Business Machines (IBM) to perform and manage critical tasks in IBMi. IBM Navigator for i is vulnerable to SQL injection in versions 7.3, 7.4, and 7.5. The vulnerability stems from the application’s lack of validation of externally entered SQL statements. An authenticated attacker could use the vulnerability to view file permissions through the interface by performing UNION-based SQL injection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm navigator for i | eq | 7.3 | |
| ibm navigator for i | eq | 7.4 | |
| ibm navigator for i | eq | 7.5 |
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.8%