IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/239305 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6850801 | Patch Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/239305 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6850801 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:27
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/239305 - VDB Entry, Vendor Advisory | |
| References | () https://www.ibm.com/support/pages/node/6850801 - Patch, Vendor Advisory |
07 Nov 2023, 03:54
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305. |
Information
Published : 2022-12-24 00:15
Updated : 2024-11-21 07:27
NVD link : CVE-2022-43860
Mitre link : CVE-2022-43860
CVE.ORG link : CVE-2022-43860
JSON object : View
Products Affected
ibm
- i
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')