CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179509	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Dec/20	Mailing List

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:i:7.3:::::::*
	cpe:2.3:a:ibm:i:7.4:::::::*
	cpe:2.3:a:ibm:i:7.5:::::::*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

History

03 Jul 2025, 20:54

Type	Values Removed	Values Added
First Time		Ibm Ibm i
References	~~() https://www.ibm.com/support/pages/node/7179509 -~~	() https://www.ibm.com/support/pages/node/7179509 - Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Dec/20 -~~	() http://seclists.org/fulldisclosure/2024/Dec/20 - Mailing List
CPE		cpe:2.3:o:ibm:i:-:::::::* cpe:2.3:a:ibm:i:7.5:::::::* cpe:2.3:a:ibm:i:7.3:::::::* cpe:2.3:a:ibm:i:7.4:::::::*

31 Dec 2024, 07:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Dec/20 -

25 Dec 2024, 15:15

Type	Values Removed	Values Added
Summary		(es) IBM i 7.3, 7.4 y 7.5 es vulnerable a la omisión de las restricciones de la interfaz de Navigator for i. Al enviar una solicitud especialmente manipulada, un atacante autenticado podría aprovechar esta vulnerabilidad para realizar de forma remota operaciones que el usuario no tiene permitido realizar cuando utiliza Navigator for i.
CWE	~~CWE-644~~	CWE-288

21 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-21 14:15

Updated : 2025-07-03 20:54

NVD link : CVE-2024-51464

Mitre link : CVE-2024-51464

CVE.ORG link : CVE-2024-51464

JSON object : View

Products Affected

ibm

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

4.3 /10