CVE-2024-51464

IBM i authentication bypass

CVSS 4.3 MEDIUMEPSS 1.4%CWE-288

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 4.3EPSS 1.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

21 Dec 2024Published on NVD

15 Apr 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products

IBM · i

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52210unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2024/Dec/19 http://seclists.org/fulldisclosure/2024/Dec/20 https://www.ibm.com/support/pages/node/7179509