CVE-2024-51463

moderate-risk
Published 2024-12-21

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
52212
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (3)

I
I
I

Affected Vendors

Ibm

References (2)

Vendor Advisory https://www.ibm.com/support/pages/node/7179509
http://seclists.org/fulldisclosure/2024/Dec/19
33
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 3/34 · Minimal
Exposure 9/34 · Low