PT-2022-27035 · IBM · IBM Navigator for i
Published: 2022-12-22 · Updated: 2022-12-28 · CVE-2022-43858
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Navigator for i versions 7.3 through 7.5
Description
The issue allows an authenticated user to access the file system and download files that they are authorized to access, but not through this interface. A remote authenticated user can bypass the interface checks by modifying a parameter, thereby gaining access to their files through this interface.
Recommendations
For IBM Navigator for i versions 7.3 through 7.5, consider restricting access to the file system interface to minimize the risk of exploitation. As a temporary workaround, avoid using the modified parameter in the affected interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
IBM Navigator for i