IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm i 7.3 |
||
ibm i 7.4 |
||
ibm i 7.5 |