Vulnerability Details : CVE-2022-22481
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page; however, they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899.
Products affected by CVE-2022-22481
- cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-22481
- 0.10%: Probability of exploitation activity in the next 30 days
- ~42%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-22481
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 | IBM Corporation | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2022-22481
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-22481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/225899
  IBM i information disclosure CVE-2022-22481 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www.ibm.com/support/pages/node/6583553
  Security Bulletin: IBM i components are vulnerable to data access due to CVE-2022-22481 (Patch; Vendor Advisory)