CVE-2024-51464 MEDIUM

CVE-2024-51464: IBM i authentication bypass

Vendor Ibm
Product i
Weakness CWE-288
Published December 21, 2024
Last update November 3, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.

Key dates

02Disclosure timeline

December 21, 2024 CVE published
November 3, 2025 Record updated