Описание
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
Ссылки
- VDB Entry
- PatchVendor Advisory
- VDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.3 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
Уязвимость графического интерфейса IBM Navigator операционной системы IBM i, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.3 Medium
CVSS3
4.3 Medium
CVSS3