CVE-2022-43860 MEDIUM

CVE-2022-43860: IBM Navigator for i SQL injection

Vendor Ibm

Product Navigator for i

Weakness CWE-89 · SQLi

Published December 22, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.

Key dates

02Disclosure timeline

December 22, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43860 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method CVE-2019-1942 Cisco Identity Services Engine Blind SQL Injection Vulnerability CVE-2025-23993 WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability CVE-2025-14217 code-projects Currency Exchange System edittrns.php sql injection CVE-2023-2773 code-projects Bus Dispatch and Information System view_admin.php sql injection