CVE-2022-43858 — Path Traversal in IBM Navigator FOR I

CWE-22 — Path Traversal3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Navigator FOR I IBM I

Timeline

PublishedDec 22

Description

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/navigator_for_i7.3, 7.4, 7.5

▶NVDibm/i7.3, 7.4, 7.5+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Navigator for i information disclosure↗2022-12-22

▶

GHSA

GHSA-9xjh-r99f-3c32: IBM Navigator for i 7↗2022-12-22

▶