PT-2022-27034 · IBM · IBM Navigator for i

Amine Ismail +1 · Published 2022-12-22 · Updated 2022-12-28 · CVE-2022-43857

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM Navigator for i versions 7.3 through 7.5

Description: The issue allows an authenticated user to access IBM Navigator for i log files that they are authorized to access, but not through this interface. A remote authenticated user can bypass the interface checks and download log files by modifying the servlet filter.

Recommendations: For versions 7.3 through 7.5, consider restricting access to the servlet filter to prevent unauthorized log file downloads until a patch is available. As a temporary workaround, modifying the interface checks to prevent bypassing can help minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2022-43857

Affected Products: IBM Navigator for i