CVE-2024-51464
Published 2024-12-21
Priority P4 · 30 · medium · 4.3 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EXPLOIT
EPSS: 1.42% (69.4th percentile)
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | i | — | — |
| ibm | i | — | — |
| ibm | i | — | — |
| ibm | i | — | — |
No detection rules found.
Exploit-DB
IBMi Navigator 7.5 - HTTP Security Token Bypass
exploitdb·2025-04-15·CVSS 4.3
CVE-2024-51464 [MEDIUM] IBMi Navigator 7.5 - HTTP Security Token Bypass
---
# Author Title: John Page (aka hyp3rlinx)
# Author Website: hyp3rlinx.altervista.org
# Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt
# Vendor: www.ibm.com
[Product]
Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i.
IBM Navigator for i supports the vast majority of tasks that were available in the System i Navigator Windows client application.
This Web application is part of the base IBM i operating system, and can be easily accessed from your web browser.
[Vulnerability Type]
HTTP Security Token Bypass
[CVE Reference]
CVE-2024-51464
[Security Issue]
IBM i is vulnerable to bypassing Navigator for i interface restr
Exploit-DB
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
exploitdb·2025-04-15·CVSS 5.4
CVE-2024-51463 [MEDIUM] IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
---
# Author Title: John Page (aka hyp3rlinx)
# Author Website: hyp3rlinx.altervista.org
# Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt
# Vendor: www.ibm.com
[Vendor]
www.ibm.com
[Product]
Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i.
IBM Navigator for i supports the vast majority of tasks that were available in the System i Navigator Windows client application.
This Web application is part of the base IBM i operating system, and can be easily accessed from your web browser.
[Vulnerability Type]
Server Side Request Forgery (SSRF)
[CVE Reference]
CVE-2024-51463
[Security Issue]
IBM i is vulnerable to s
No writeups or analysis indexed.
Published: 2024-12-21