2 matches found
IBM Content Navigator访问绕过漏洞
Bugtraq ID:65856 CVE ID:CVE-2014-0858 IBM Content Navigator是一个Web客户机,用来向用户提供控制台以处理多个内容服务器中的内容。 IBM Content Navigator存在安全漏洞,允许通过验证的用户提交修改过的URL来绕过访问限制,进行deleteAction攻击。 0 IBM Content Navigator 2.x 厂商补丁: IBM ----- IBM Content Navigator 2.0.2.2-ICN-FP002已经修复该漏洞,建议用户下载更新:...
CVE-2014-0858
Summary: CVE-2014-0858 affects IBM Content Navigator 2.0.x prior to 2.0.2.2-ICN-FP002, where a non-admin user can bypass access controls and perform a deleteAction against the configuration database by modifying the URL. Root cause (as described): Improper authorization by non-admin user allowing...