CVE-2022-43859

Name of the Vulnerable Software and Affected Versions IBM Navigator for i versions 7.3 through 7.5

Description The issue is related to the lack of protection for the SQL query structure in the IBM Navigator graphical interface of the IBM i operating system. This could allow a remote attacker to gain unauthorized access to protected information. By performing a UNION-based SQL injection, an attacker could see file permissions through this interface.

Recommendations For IBM Navigator for i versions 7.3 through 7.5, consider restricting access to the interface until a patch is available. As a temporary workaround, avoid using the interface for sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.