CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43857 – IBM Navigator for i information disclosure
https://notcve.org/view.php?id=CVE-2022-43857
22 Dec 2022 — IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301. IBM Navigator para i 7.3, 7.4 y 7.5 podría permitir que un usuario autenticado acceda a los archivos de registro i de IBM Navigator para los que está autorizado pero no mientras utiliza esta interfaz. El ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/239301 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34358
https://notcve.org/view.php?id=CVE-2022-34358
13 Jul 2022 — IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. IBM i versiones 7.2, 7.3, 7.4 y 7.5 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcional... • https://exchange.xforce.ibmcloud.com/vulnerabilities/230516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22495
https://notcve.org/view.php?id=CVE-2022-22495
24 May 2022 — IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. IBM i versiones 7.3, 7.4 y 7.5, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226941 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22481
https://notcve.org/view.php?id=CVE-2022-22481
09 May 2022 — IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. IBM Navigator para i versiones 7.2, 7.3 y 7.4 (versión de herencia), podría p... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225899 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39056
https://notcve.org/view.php?id=CVE-2021-39056
13 Jan 2022 — The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537. El servidor SQL Dinámico Remoto Extendido (EDRSQL) de IBM i versiones 7.1, 7.2, 7.3 y 7.4, podría permitir a un usuario remoto autenticado enviar una petición especialmente diseñada y causar una denegación de servicio. IBM X-Force ID: 214537 • https://exchange.xforce.ibmcloud.com/vulnerabilities/214537 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38876
https://notcve.org/view.php?id=CVE-2021-38876
30 Dec 2021 — IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. IBM i versiones 7.2, 7.3 y 7.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario de la web, alterando así la funcionalida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/208404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20501
https://notcve.org/view.php?id=CVE-2021-20501
21 Apr 2021 — IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. IBM i versiones 7.1, 7.2, 7.3 y 7.4 SMTP, permite a un atacante de red enviar correos electrónicos a destinatarios de dominio local inexistentes en el servidor... • https://exchange.xforce.ibmcloud.com/vulnerabilities/198056 •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4345
https://notcve.org/view.php?id=CVE-2020-4345
17 May 2020 — IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. Los usuarios de IBM i versiones 7.2, 7.3 y 7.4, que ejecutan sentencias SQL complejas bajo un conjunto específico de circunstancias pueden permitir a un usuario local obtener información confidencial a la que no debería tener acceso. IBM X-Force ID: 178318. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178318 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4450
https://notcve.org/view.php?id=CVE-2019-4450
09 Nov 2019 — IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. IBM i versiones 7.2, 7.3 y 7.4 para i es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/163492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4536
https://notcve.org/view.php?id=CVE-2019-4536
29 Aug 2019 — IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. Los usuarios de IBM i versión 7.4 que han realizado un Perfil de Usuario de Restauración (RSTUSRPRF) en un sistema que h... • https://exchange.xforce.ibmcloud.com/vulnerabilities/165592 • CWE-269: Improper Privilege Management •