CVE-2024-51464

MEDIUM

IBM i <7.6 - Auth Bypass

Title source: llm

Description

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsmultiple

https://www.exploit-db.com/exploits/52210

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7179509

[Mailing List] http://seclists.org/fulldisclosure/2024/Dec/19

[Mailing List] http://seclists.org/fulldisclosure/2024/Dec/20

Scores

CVSS v3 4.3

EPSS 0.0045

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-288

Status published

Products (3)

ibm/i 7.3

ibm/i 7.4

ibm/i 7.5

Published Dec 21, 2024

Tracked Since Feb 18, 2026