IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.
References
Link | Resource |
---|---|
https://www.ibm.com/support/pages/node/7231320 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
03 Jul 2025, 20:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ibm i
Ibm |
|
References | () https://www.ibm.com/support/pages/node/7231320 - Vendor Advisory | |
Summary |
|
|
CPE | cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* |
21 Apr 2025, 14:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-18 15:15
Updated : 2025-07-03 20:53
NVD link : CVE-2025-2950
Mitre link : CVE-2025-2950
CVE.ORG link : CVE-2025-2950
JSON object : View
Products Affected
ibm
- i
CWE
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax