Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-51463

CWE-918 — Server-Side Request Forgery (SSRF)4 documents4 sources

Severity

5.4MEDIUM

EPSS

1.1%

top 21.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM I

Timeline

PublishedDec 21

Latest updateApr 15

Description

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5ibm/i7.3, 7.4, 7.5

▶NVDibm/i7.3, 7.4, 7.5+2

🔴Vulnerability Details

CVEList

IBM i server-side request forgery↗2024-12-21

▶

GHSA

GHSA-2r73-v75c-63j8: IBM i 7↗2024-12-21

▶

💥Exploits & PoCs

Exploit-DB

IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)↗2025-04-15

▶