I Security Vulnerabilities and Issues — I CVE List

Lucene search

IbmI

9 matches found

CVE•added 2022/05/24 5:15 p.m.•82 views

CVE-2022-22495

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941.

8.8CVSS8.7AI score0.0031EPSS

CVE•added 2022/05/09 5:15 p.m.•67 views

CVE-2022-22481

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks p...

5.3CVSS5.2AI score0.00172EPSS

CVE•added 2022/12/24 12:15 a.m.•66 views

CVE-2022-43860

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.

4.3CVSS5.1AI score0.00046EPSS

CVE•added 2022/11/21 6:15 p.m.•63 views

CVE-2022-40746

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vul...

7.2CVSS6.6AI score0.00064EPSS

CVE•added 2022/12/22 9:15 p.m.•63 views

CVE-2022-43858

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their file...

4.3CVSS4.7AI score0.00008EPSS

CVE•added 2022/12/22 9:15 p.m.•62 views

CVE-2022-43857

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID:...

4.3CVSS4.7AI score0.00008EPSS

CVE•added 2022/12/22 9:15 p.m.•59 views

CVE-2022-43859

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 2...

6.3CVSS5AI score0.00027EPSS

CVE•added 2022/07/13 5:15 p.m.•58 views

CVE-2022-34358

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516.

5.4CVSS5.2AI score0.00123EPSS

CVE•added 2022/01/13 6:15 p.m.•40 views

CVE-2021-39056

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537.

6.5CVSS6.5AI score0.00278EPSS