April 18, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple IBM Security Verify Governance, Identity Manager Vulnerabilities
December 26, 2022Rewterz Threat Advisory – Multiple IBM Financial Transaction Manager Vulnerabilities
December 26, 2022Rewterz Threat Advisory – Multiple IBM Security Verify Governance, Identity Manager Vulnerabilities
December 26, 2022Rewterz Threat Advisory – Multiple IBM Financial Transaction Manager Vulnerabilities
December 26, 2022
Severity
Medium
Analysis Summary
CVE-2022-43857 CVSS:4.3
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter.
CVE-2022-43858 CVSS:4.3
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface.
CVE-2022-43860 CVSS:4.3
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface.
Impact
- Information Disclosure
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2022-43857
- CVE-2022-43858
- CVE-2022-43860
Affected Vendors
IBM
Affected Products
- IBM i 7.3
- IBM i 7.4
- IBM i 7.5
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.
