Aminei

**Name of the Vulnerable Software and Affected Versions** IBM Navigator for i versions 7.3 through 7.5 **Description** The issue allows an authenticated user to access IBM Navigator for i log files they are authorized to, but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying the servlet filter. **Recommendations** For versions 7.3 through 7.5, consider restricting access to the servlet filter to prevent unauthorized log file downloads until a patch is available. As a temporary workaround, modifying the interface checks to prevent bypassing can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Navigator for i versions 7.3 through 7.5 **Description** The issue allows an authenticated user to obtain sensitive information they are authorized to, but not while using this interface, by performing an SQL injection. This could enable an attacker to see user profile attributes through the interface. **Recommendations** For versions 7.3 through 7.5, consider restricting access to sensitive user profile attributes until a patch is available. As a temporary workaround, consider disabling SQL injection capabilities in the interface until a fix is provided. Restrict access to user profile attributes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Navigator for i versions 7.3 through 7.5 **Description** The issue is related to the lack of protection for the SQL query structure in the IBM Navigator graphical interface of the IBM i operating system. This could allow a remote attacker to gain unauthorized access to protected information. By performing a UNION-based SQL injection, an attacker could see file permissions through this interface. **Recommendations** For IBM Navigator for i versions 7.3 through 7.5, consider restricting access to the interface until a patch is available. As a temporary workaround, avoid using the interface for sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.