Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-51464

CWE-288 CWE-6445 documents4 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 36.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM I

Timeline

PublishedDec 21

Latest updateApr 15

Description

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/i7.3, 7.4, 7.5

▶NVDibm/i7.3, 7.4, 7.5+2

🔴Vulnerability Details

GHSA

GHSA-fqvv-mh7w-3jq3: IBM i 7↗2024-12-21

▶

CVEList

IBM i authentication bypass↗2024-12-21

▶

💥Exploits & PoCs

Exploit-DB

IBMi Navigator 7.5 - HTTP Security Token Bypass↗2025-04-15

▶

Exploit-DB

IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)↗2025-04-15

▶