CVE-2022-43857Path Traversal in IBM Navigator FOR I

CWE-22Path Traversal4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 45.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Navigator FOR IIBM I
Timeline
PublishedDec 22

Description

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/navigator_for_i7.3, 7.4, 7.5
NVDibm/i7.3, 7.4, 7.5+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-696v-j6jg-m6w8: IBM Navigator for i 72022-12-22
CVEList
IBM Navigator for i information disclosure2022-12-22

💥Exploits & PoCs

1
Exploit-DB
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)2022-01-05
CVE-2022-43857 — Path Traversal in IBM Navigator FOR I | cvebase