← volver
CVE-2022-43858

IBM Navigator for i information disclosure

CVSS 4.3 MEDIUMEPSS 1.0%CWE-22
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
22 dic 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
IBM · Navigator for i

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →