CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7179509	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Dec/20	Mailing List

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:i:7.3:::::::*
	cpe:2.3:a:ibm:i:7.4:::::::*
	cpe:2.3:a:ibm:i:7.5:::::::*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

History

03 Jul 2025, 20:54

Type	Values Removed	Values Added
CPE		cpe:2.3:o:ibm:i:-:::::::* cpe:2.3:a:ibm:i:7.5:::::::* cpe:2.3:a:ibm:i:7.3:::::::* cpe:2.3:a:ibm:i:7.4:::::::*
First Time		Ibm i Ibm
References	~~() https://www.ibm.com/support/pages/node/7179509 -~~	() https://www.ibm.com/support/pages/node/7179509 - Vendor Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Dec/20 -~~	() http://seclists.org/fulldisclosure/2024/Dec/20 - Mailing List

31 Dec 2024, 07:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Dec/20 -

25 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-21 14:15

Updated : 2025-07-03 20:54

NVD link : CVE-2024-51464

Mitre link : CVE-2024-51464

CVE.ORG link : CVE-2024-51464

JSON object : View

Products Affected

ibm

i

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2024-51464", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-21T14:15:21.627", "references": [{"url": "https://www.ibm.com/support/pages/node/7179509", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Dec/20", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i."}, {"lang": "es", "value": "IBM i 7.3, 7.4 y 7.5 es vulnerable a la omisi\u00f3n de las restricciones de la interfaz de Navigator for i. Al enviar una solicitud especialmente manipulada, un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad para realizar de forma remota operaciones que el usuario no tiene permitido realizar cuando utiliza Navigator for i."}], "lastModified": "2025-07-03T20:54:10.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1"}, {"criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE"}, {"criteria": "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88B74622-BDB2-43AE-A91F-FADEC4B64B4F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}