3 matches found
CVE-2022-43859
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID:...
CVE-2022-43859 IBM Navigator for i SQL injection
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID:...
CVE-2022-43859
IBM Navigator for i versions 7.3–7.5 are affected by CVE-2022-43859. An authenticated user could exploit a UNION-based SQL injection in the Navigator interface to view file permissions for objects they are authorized to access. Root cause: insufficient input validation allowing SQL injection via ...