History: Dec 18, 2020 - 11:09 p.m.

Security Bulletin: IBM Content Navigator is susceptible to a cross-site scripting vulnerability.

2020-12-18 23:09:04
www.ibm.com

CVSS3: 6.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.005 Low
Percentile: 76.1%

Summary

IBM Content Navigator has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2020-4757
**DESCRIPTION:** IBM FileNet Content Manager and IBM Content Navigator are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/188600 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Content Navigator | 3.0CD |

Remediation/Fixes

| Product | VMRF | Remediation / First Fix |
| --- | --- | --- |
| IBM Content Navigator | 3.0 Continuous Delivery | ICN 3.0.9 and above |

Workarounds and Mitigations

The IBM Content Navigator viewer map can be configured to prevent users from opening or previewing certain types of documents, as described in this article: <https://www-03preprod.ibm.com/support/knowledgecenter/SSEUEX_3.0.8/com.ibm.installingeuc.doc/eucco011.htm>

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm content navigator | eq | any |
