IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/239305 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6850801 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2022-12-22T20:53:16.772Z
Updated: 2022-12-23T23:03:51.372448Z
Reserved: 2022-10-26T15:46:22.823Z
Link: CVE-2022-43860
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-24T00:15:08.783
Modified: 2023-11-07T03:54:05.810
Link: CVE-2022-43860
JSON object: View
Redhat Information
No data.
CWE