CVSS2 | 6.5 Medium |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3 | 8.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS | 0.001 Low |
---|---|
Percentile | 43.4% |
IBM Navigator for i provides server administration functionality via a robust graphical user interface. IBM Navigator for i is vulnerable to an SQL injection as described in the vulnerability details section. The vulnerability is fixed by applying the latest HTTP Server for i group PTF as described in the Remediation/Fixes section.
CVEID: CVE-2022-22495
**DESCRIPTION:** IBM i is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226941 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, and 7.3 will be fixed.
The IBM i PTF containing the fix for the CVE is included in the HTTP Server for i Group PTF. Future Group PTFs for HTTP Server for i will also contain the fix for this CVE.
IBM i Release | HTTP Server for i Group PTF - Level | PTF Download Link |
---|---|---|
7.5 | SF99952 - 01 | SF99952 750 IBM HTTP Server for i - level 1 |
7.4 | SF99662 - 20 | SF99662 740 IBM HTTP Server for i - level 20 |
7.3 | SF99722 - 39 | SF99722 730 IBM HTTP Server for i - level 39 |
<https://www.ibm.com/support/fixcentral>
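To confirm whether a system already carries the fix, the installed HTTP Server for i Group PTF level can be compared with the levels in the table above. The query below is an added example, not part of IBM's bulletin; it assumes the `QSYS2.GROUP_PTF_INFO` IBM i service is available and that the user may run SQL (for example from ACS Run SQL Scripts).

```sql
-- Added example: compare installed HTTP Server for i Group PTF levels
-- with the fixed levels listed in this bulletin for CVE-2022-22495.
-- The group names and levels in the VALUES list are copied from the
-- bulletin's table; the verdict labels are chosen for this example.
WITH fixed (ibm_i_release, ptf_group, fixed_level) AS (
  VALUES ('7.5', 'SF99952', 1),
         ('7.4', 'SF99662', 20),
         ('7.3', 'SF99722', 39)
)
SELECT f.ibm_i_release,
       f.ptf_group,
       f.fixed_level,
       MAX(g.ptf_group_level) AS installed_level,
       CASE
         -- No INSTALLED row: the group belongs to another release,
         -- or it has never been applied on this system.
         WHEN MAX(g.ptf_group_level) IS NULL
           THEN 'GROUP NOT INSTALLED'
         WHEN MAX(g.ptf_group_level) >= f.fixed_level
           THEN 'FIX LEVEL PRESENT'
         ELSE 'BELOW FIX LEVEL'
       END AS verdict
FROM fixed f
LEFT JOIN QSYS2.GROUP_PTF_INFO g
       ON g.ptf_group_name   = f.ptf_group
      -- Count only levels that are fully installed, not levels that
      -- are on order or waiting for the next IPL.
      AND g.ptf_group_status = 'INSTALLED'
GROUP BY f.ibm_i_release, f.ptf_group, f.fixed_level
ORDER BY f.ibm_i_release DESC;
```

Only the row for the release the system is running is meaningful; a `BELOW FIX LEVEL` or `GROUP NOT INSTALLED` verdict on that row means the Group PTF from the table still has to be applied.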
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
None