Severity
Medium
Analysis Summary
CVE-2022-43857 CVSS:4.3
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter.
CVE-2022-43858 CVSS:4.3
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface.
CVE-2022-43860 CVSS:4.3
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface.
Impact
- Information Disclosure
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2022-43857
- CVE-2022-43858
- CVE-2022-43860
Affected Vendors
IBM
Affected Products
- IBM i 7.3
- IBM i 7.4
- IBM i 7.5
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.