🔴 IBM has issued an alert concerning a new vulnerability affecting IBM Navigator for i, tracked as CVE-2025-2950. The flaw is rated with a CVSS score of 5.4/10.
The problem stems from improper neutralization of HTTP header content in IBM Navigator for i.
An authenticated user can exploit this weakness to manipulate the Host header of HTTP requests, which could result in unexpected application behavior – for example, redirection or routing to another domain or a falsified IP address.
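The class of weakness described above, shown as an added illustration that is not IBM's code and not taken from the advisory: a redirect URL built from the client-supplied Host header, next to a version that checks the header against an allowlist. The hostnames, the `/login` path and all function names are assumptions constructed for the example.

```python
import re

# Assumption: names the application is legitimately served under (constructed values).
ALLOWED_HOSTS = {"ibmi.example.internal", "10.0.0.15"}
CANONICAL_HOST = "ibmi.example.internal"

# host[:port], where host is a DNS name / IPv4 literal or a bracketed IPv6 literal.
_HOST_RE = re.compile(r"(?P<host>\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::(?P<port>\d{1,5}))?")


def redirect_unsafe(host_header: str, path: str) -> str:
    """Weak pattern: the client-supplied Host header is copied into the URL."""
    return f"https://{host_header}{path}"


def normalize_host(host_header: str):
    """Return the lower-cased host without port, or None if the header is malformed."""
    if not host_header or host_header != host_header.strip():
        return None
    m = _HOST_RE.fullmatch(host_header.lower())
    if not m:
        return None  # rejects userinfo (@), slashes, commas, whitespace, CR/LF
    if m.group("port") and not 0 < int(m.group("port")) <= 65535:
        return None
    return m.group("host").rstrip(".")  # "host." and "host" are the same name


def redirect_safe(host_header: str, path: str) -> str:
    """Hardened pattern: use the header only if it names an allowlisted host."""
    host = normalize_host(host_header)
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST  # never reflect an unrecognised value
    return f"https://{host}{path}"  # path is assumed to be server-controlled
```
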
Remediation/Fixes
The issue can be corrected by applying a PTF to IBM i.
IBM i releases 7.6, 7.5, 7.4 and 7.3 will be corrected; the IBM i PTF numbers for 5770-SS1 Option 3 contain the vulnerability fix.
🔗 https://www.ibm.com/support/pages/node/7231025?myns=swgother&mynp=OCSWG60&mync=E&cm_sp=swgother–OCSWG60–E 🔗