Server-Side Request Forgery Vulnerability in IBM i Products
CVE-2024-51463
5.4 MEDIUM
Summary
CVE-2024-51463 is a server-side request forgery (SSRF) vulnerability affecting IBM i versions 7.3, 7.4, and 7.5. An authenticated attacker can exploit the flaw to make the server issue unauthorized requests, which may enable network enumeration and create pathways for further malicious activity. This could compromise the integrity and confidentiality of the network environment. Organizations running the affected IBM i versions are advised to apply the necessary security patches and monitor for unusual activity to mitigate the risk.
Affected Version(s)
IBM i 7.3, 7.4, 7.5
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database