CVE-2024-51464

MEDIUM

IBM i 7.3-7.5 - Authenticated Authentication Bypass via Navigator for i Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-51464. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: The advisory details a security token bypass vulnerability in IBM Navigator for i, where attackers can manipulate the last eight digits of the 'Mn:' HTTP header token to bypass security checks. The vulnerability arises from improper validation of the token in the 'doFilter' method, allowing attackers to perform unauthorized actions.

Description

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

Exploits (1)

exploitdb WRITEUP
by hyp3rlinx · text · webapps · multiple
https://www.exploit-db.com/exploits/52210

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: IBM Navigator for i (versions 7.5.0, 7.4.0, 7.3.0)
Auth required
Prerequisites: Authenticated access to IBM Navigator for i · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 4.3
EPSS 0.0130
EPSS Percentile 80.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-288
Status published
Products (3)
ibm/i 7.3
ibm/i 7.4
ibm/i 7.5
Published Dec 21, 2024
Tracked Since Feb 18, 2026