CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179509	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Dec/19
http://seclists.org/fulldisclosure/2024/Dec/20	Mailing List

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:i:7.3:::::::*
	cpe:2.3:a:ibm:i:7.4:::::::*
	cpe:2.3:a:ibm:i:7.5:::::::*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

History

03 Nov 2025, 23:17

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Dec/19 -

Information

Published : 2024-12-21 14:15

Updated : 2025-11-03 23:17

NVD link : CVE-2024-51464

Mitre link : CVE-2024-51464

CVE.ORG link : CVE-2024-51464

JSON object : View

Products Affected

ibm

i

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2024-51464", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-21T14:15:21.627", "references": [{"url": "https://www.ibm.com/support/pages/node/7179509", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2024/Dec/19", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Dec/20", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i."}, {"lang": "es", "value": "IBM i 7.3, 7.4 y 7.5 es vulnerable a la omisi\u00f3n de las restricciones de la interfaz de Navigator for i. Al enviar una solicitud especialmente manipulada, un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para realizar de forma remota operaciones que el usuario no tiene permitido realizar cuando utiliza Navigator for i."}], "lastModified": "2025-11-03T23:17:14.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1"}, {"criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE"}, {"criteria": "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88B74622-BDB2-43AE-A91F-FADEC4B64B4F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}