CVE-2024-51463

MEDIUM

IBM i 7.3, 7.4, and 7.5 - Server-Side Request Forgery

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-51463. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This advisory details an SSRF vulnerability in IBM Navigator for i, where an authenticated attacker can exploit a security token bypass (CVE-2024-51464) to send unauthorized requests to external hosts on any TCP port via the 'testConnectPort' servlet method. The writeup includes technical details, exploit steps, and references to IBM's advisory.

Description

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Exploits (1)

exploitdb WRITEUP
by hyp3rlinx · text · webapps · multiple
https://www.exploit-db.com/exploits/52212

Classification: Writeup 95%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: IBM Navigator for i (versions 7.5.0, 7.4.0, 7.3.0)
Auth required
Prerequisites: Authenticated access to IBM Navigator for i · Network access to the target system
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.4
EPSS 0.0436
EPSS Percentile 89.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-918
Status published
Products (3)
ibm/i 7.3
ibm/i 7.4
ibm/i 7.5
Published Dec 21, 2024
Tracked Since Feb 18, 2026