Rewterz Threat Advisory – CVE-2023-21893 – Oracle Database Server Oracle Data Provider for .NET Vulnerability
January 19, 2023Rewterz Threat Advisory – CVE-2022-39167 – IBM Spectrum Virtualize Vulnerability
January 20, 2023Rewterz Threat Advisory – CVE-2023-21893 – Oracle Database Server Oracle Data Provider for .NET Vulnerability
January 19, 2023Rewterz Threat Advisory – CVE-2022-39167 – IBM Spectrum Virtualize Vulnerability
January 20, 2023Severity
Medium
Analysis Summary
CVE-2022-43859
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface.
Impact
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2022-43859
Affected Vendors
IBM
Affected Products
- IBM i 7.3
- IBM i 7.4
- IBM i 7.5
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.