Lucene search
K

46 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 2:12 p.m.6 views

Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager

Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...

8.8CVSS7.5AI score0.00331EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 11:7 p.m.9 views

Security Bulletin: IBM i is Affected By A Cross-Site Scripting Vulnerability in Navigator for i [CVE-2026-0540]

Summary Navigator for IBM i uses the Monaco editor to edit config files. The Monaco editor uses DOMPurify to sanitize the HyperText Markup Language HTML in the editor. DOMPurify is vulnerable to improper neutralization of input by using rawtext elements missing from the SAFEFORXML regex...

6.1CVSS5.8AI score0.0034EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/20 4:42 p.m.10 views

Security Bulletin: IBM i is affected by Cross-Site Request Forgery and Cross-Site Scripting in Digital Certificate Manager and Navigator for i [CVE-2025-66035, CVE-2025-66412, CVE-2026-22610]

Summary IBM i Digital Certificate Manager DCM and Navigator for i are vulnerable to Cross-Site Request Forgery XSRF token leakage via protocol-relative URLs in angular HTTP clients CVE-2025-66035 and Cross-Site Scripting XSS via the compiler's internal security schema being incomplete...

8.5CVSS5.3AI score0.01535EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/18 10:22 p.m.4 views

Security Bulletin: IBM i is affected by a cross-site scripting vulnerability in Navigator for i [CVE-2024-47875]

Summary Navigator for IBM i is vulnerable to cross-site scripting when using the browser editor CVE-2024-47875 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, Math...

10CVSS7.6AI score0.01093EPSS
Exploits2Affected Software5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-46830

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-45780

Malicious code in bioql PyPI...

4.3CVSS5.6AI score0.01417EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:34 a.m.11 views

CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

4.3CVSS6.4AI score0.01417EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:58 a.m.7 views

CVE-2022-43860

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305...

4.3CVSS6.8AI score0.00474EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:57 a.m.7 views

CVE-2022-43859

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID:...

6.3CVSS6.7AI score0.00579EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:57 a.m.15 views

CVE-2022-43857

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force I...

4.3CVSS6.3AI score0.00989EPSS
Exploits0References1
OSV
OSV
added 2025/04/18 3:15 p.m.2 views

CVE-2025-2950

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...

5.4CVSS5.8AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2025/04/18 2:50 p.m.60 views

CVE-2025-2950

IBM i (versions 7.3, 7.4, 7.5, and 7.6) is affected by a host header injection vulnerability due to improper neutralization of HTTP header content in IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to alter the domain/IP, potentially causing unexpected b...

5.4CVSS5.5AI score0.00271EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.6 views

PT-2025-17301 · Ibm · Ibm I +1

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.5 Description: The issue is caused by improper neutralization of HTTP header content by IBM Navigator for i, allowing an authenticated user to manipulate the host header in HTTP requests. This can lead to changing...

5.5CVSS6AI score0.00271EPSS
Exploits0References5
NVD
NVD
added 2024/12/21 2:15 p.m.11 views

CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

4.3CVSS0.01417EPSS
Exploits2References3
OSV
OSV
added 2024/12/21 2:15 p.m.2 views

CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

4.3CVSS6.1AI score0.01417EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/12/21 1:44 p.m.21 views

CVE-2024-51464 IBM i authentication bypass

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

4.3CVSS4.6AI score0.01417EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/12/21 1:44 p.m.20 views

CVE-2024-51464 IBM i authentication bypass

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

4.3CVSS0.01417EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/12/21 12:0 a.m.7 views

PT-2024-34640 · Ibm · Ibm I

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3, 7.4, and 7.5 Description: The issue allows an authenticated attacker to bypass Navigator for i interface restrictions by sending a specially crafted request, enabling them to remotely perform operations that the user is no...

4.3CVSS5.2AI score0.01417EPSS
Exploits2References11
CNNVD
CNNVD
added 2024/12/21 12:0 a.m.5 views

IBM i 安全漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.3, 7.4, and 7.5 that originates from an easy bypass of the Navigator for i interface restrictions, which can be...

4.3CVSS5.3AI score0.01417EPSS
Exploits2References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/15 7:38 p.m.80 views

Security Bulletin: IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

Summary IBM Navigator for i provides server administration functionality for IBM i. An authenticated user with authority to interact with IBM Navigator for i is able to download log files, view file attributes, and perform SQL injection attacks as described in the vulnerability details section. I...

6.3CVSS4.9AI score0.00989EPSS
Exploits0Affected Software4
Rows per page
Query Builder