Oracle Outside In Technology is used in some configurations of IBM Content Navigator as part of the document viewer. CVE-2023-35896.
CVEID:CVE-2023-35896
**DESCRIPTION:**IBM Content Navigator is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259247 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s)|**Version(s)
**
—|—
IBM Content Navigator| 3.0.14
IBM Content Navigator| 3.0.13
IBM Content Navigator| 3.0.11
Affected Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
IBM Content Navigator | 3.0.14 | Download 3.0.14 IF003 and follow instructions |
IBM Content Navigator | 3.0.13 | Download 3.0.13 IF006 and follow instructions |
IBM Content Navigator | 3.0.11 | Download 3.0.11 IF014 and follow instructions |
Customers who do not use Oracle Outside In Technology are not affected.