Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-02483
HistoryDec 23, 2022 - 12:00 a.m.

IBM Navigator for i Unauthorized Access Vulnerability

2022-12-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
13

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

IBM Navigator for i is a console interface from International Business Machines (IBM) used in IBMi to perform and manage critical tasks in IBMi. IBM Navigator for i in versions 7.3, 7.4, and 7.5 is vulnerable to unauthorized access, where authenticated users using this interface access their entitled access to IBM Navigator for i log files that they are entitled to but not authorized to access. An attacker could exploit this vulnerability by modifying servlet filters to bypass interface checks and download log files.

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Related for CNVD-2023-02483