Security Bulletin: ICN Is Vulnerable to Improper Input Validation

Summary IBM Content Navigator could allow a malicious user to cause a denial of service due to improper input validation. Vulnerability Details CVEID: CVE-2021-29714 DESCRIPTION: IBM Content Navigator could allow a malicious user to cause a denial of service due to improper input validation. CVSS...

Security Bulletin: IBM Content Navigator is vulnerable to an email exploit

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details Third Party Entry: PSIRT-ADV0028011 DESCRIPTION: Created from Advisory: ADV0028011 CVSS Base score: 5.9 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products and Versions Affected...

Security Bulletin: IBM Content Manager is affected by a potential information disclosure vulnerability

Summary IBM Content Navigator has addressed the following vulnerability. A potential vulnerability in the Apache Commons Codec module could allow information disclosure. Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5...

Security Bulletin: IBM Content Navigator is susceptible to a cross-site scripting vunlerability.

Summary IBM Content Navigator has addressed the following vulnerability Vulnerability Details CVEID: CVE-2020-4757 DESCRIPTION: IBM FileNet Content Manager and IBM Content Navigator is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...

CVE-2020-4704

The CVE-2020-4704 entry affects IBM Content Navigator 3.0CD and is caused by a stored cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM’s security bulletin for Content Navigator ...

CVE-2020-4760

IBM Content Navigator 3.0CD is affected by a cross-site scripting (CVE-2020-4760) vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The vulnerability is documented across multiple sources...

Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting.

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4760 DESCRIPTION: IBM Content Navigator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

IBM Content Navigator Information Disclosure Vulnerability (CNVD-2020-47547)

IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator version 3.0CD. The vulnerability can be exploited by an attacker to illegally view oth...

Security Bulletin: IBM Content Navigator is vulnerable to an Elliptic Curve Key Disclosure.

Summary IBM Content Navigator has addressed the following vulnerability. A potential vulnerability in the jose4j module could allow information disclosure. Vulnerability Details Third Party Entry: 186425 DESCRIPTION: jose.4.j library key information disclosure CVSS Base score: 8.7 CVSS Temporal...

Security Bulletin: IBM Content Navigator is vulnerable to improper input validation

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4548 DESCRIPTION: IBM Content Navigator is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigat...

Security Bulletin: IBM Content Navigator is vulnerable to a Prototype Pollution vulnerability

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-5259 DESCRIPTION: Dojo dojox could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could...

CVE-2020-4309

The CVE-2020-4309 entry concerns IBM Content Navigator 3.0CD (and related 3.0 releases). Affected component/impact: an information disclosure vulnerability that allows an unauthenticated user to obtain sensitive information, potentially aiding further attacks. Root cause is described as disclosur...

CVE-2019-4741

IBM Content Navigator 3.0CD is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2019-4741). An unauthenticated attacker could trigger the system to issue unauthorized requests, enabling network enumeration or facilitating other attacks as described by IBM’s security bulletin. R...

CVE-2019-4571

CVE-2019-4571 affects IBM Content Navigator 3.0CD. The affected component is the Web UI, where a cross-site scripting (XSS) vulnerability allows an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The vulnerability is rated CVSS v3.0...

CVE-2019-4263

IBM Content Navigator 3.0CD is affected by CVE-2019-4263, a local file inclusion vulnerability in the ICN server. The issue allows access to sensitive configuration files via ICN URLs, with a CVSS v3.1/base score of 4.3 (NETWORK, LOW complexity, privileges LOW, no user interaction). Affected prod...

PT-2019-17003 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator version 3.0CD Description: The issue allows an attacker to access a configuration file in the ICN server through local file inclusion. Recommendations: For IBM Content Navigator version 3.0CD, consider restricting access...

IBM Content Navigator Local File Containment Vulnerability

IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A local file inclusion vulnerability exists in IBM Content Navigator version 3.0CD. An attacker can exploit this vulnerability to access...

CVE-2019-4033

IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999...

PT-2019-16893 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 2.0.3 through 3.0CD Description: The issue allows a remote attacker to conduct phishing attacks using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, the attacker could...

CVE-2019-4035

Summary: CVE-2019-4035 affects IBM Content Navigator (3.0 Continuous Delivery). A spoofing/redirect issue could let attackers direct ICN users to a malicious site, causing the Edit client to fetch documents from the attacker’s site. Affected product: IBM Content Navigator 3.0 Continuous Delivery....