← back
CVE-2024-51464

IBM i authentication bypass

CVSS 4.3 MEDIUMEPSS 1.4%CWE-288
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
IBM · i
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52210unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2024/Dec/19http://seclists.org/fulldisclosure/2024/Dec/20https://www.ibm.com/support/pages/node/7179509