PT-2022-27036 · IBM · IBM Navigator for i

Amine Ismail +1 · Published 2022-12-22 · Updated 2022-12-31 · CVE-2022-43860

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Navigator for i versions 7.3 through 7.5

Description

The issue allows an authenticated user to obtain sensitive information that they are authorized to access, but not through this interface, by performing an SQL injection. This could enable an attacker to see user profile attributes through the interface.

Recommendations

For versions 7.3 through 7.5, consider restricting access to sensitive user profile attributes until a patch is available. As a temporary workaround, consider disabling SQL injection capabilities in the interface until a fix is provided. Restrict access to user profile attributes to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-43860

Affected Products

IBM Navigator for i