40 matches found
CVE-2019-4263
IBM Content Navigator 3.0CD is affected by CVE-2019-4263, a local file inclusion vulnerability in the ICN server. The issue allows access to sensitive configuration files via ICN URLs, with a CVSS v3.1/base score of 4.3 (NETWORK, LOW complexity, privileges LOW, no user interaction). Affected prod...
CVE-2022-43581
CVE-2022-43581 affects IBM Content Navigator versions 3.0.0 through 3.0.12, where missing authorization could allow an authenticated user to load external plugins and execute code. The issue is documented across IBM security bulletins and Red Hat advisories, with remediation guidance including ap...
CVE-2023-35896
IBM Content Navigator is affected by CVE-2023-35896 via SSRF in versions 3.0.11, 3.0.13, and 3.0.14 due to Oracle Outside In Technology in the viewer. The root cause is a server-side request forgery that can allow an authenticated attacker to issue unauthorized requests from the system, potential...
CVE-2023-40684
CVE-2023-40684 affects IBM Content Navigator on 3.0.11/3.0.13/3.0.14 when used with IBM Daeja ViewOne Virtual. The issue is a cross-site scripting vulnerability that lets a user embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Docum...
CVE-2020-4757
CVE-2020-4757 affects IBM FileNet Content Manager and IBM Content Navigator 3.0.CD with a stored cross-site scripting vulnerability in the Web UI. The root cause is an XSS flaw in the Content Navigator/Content Manager web interface that could allow an attacker to embed arbitrary JavaScript, poten...
CVE-2019-4092
CVE-2019-4092 affects IBM Content Navigator versions 2.0.3 and 3.0 Continuous Delivery (CD). The root cause is an open redirect mechanism that allows remote attackers to masquerade a malicious site as trusted, enabling phishing by spoofing the URL displayed to victims. Impact described includes e...
CVE-2021-20550
CVE-2021-20550 affects IBM Content Navigator 3.0.CD. A cross-site scripting vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. CVSS v3.0 base score: 5.4 (MEDIUM); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A...
CVE-2020-4760
IBM Content Navigator 3.0CD is affected by a cross-site scripting (CVE-2020-4760) vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The vulnerability is documented across multiple sources...
CVE-2020-4253
CVE-2020-4253 affects IBM Content Navigator 3.0CD, where the session is not invalidated after logout, allowing an authenticated user to impersonate another user. Root cause: session remains active post-logout. Affected product/version: IBM Content Navigator 3.0CD (IBM bulletin also lists remediat...
CVE-2020-4704
The CVE-2020-4704 entry affects IBM Content Navigator 3.0CD and is caused by a stored cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM’s security bulletin for Content Navigator ...
CVE-2021-20549
CVE-2021-20549 affects IBM Content Navigator 3.0.CD, with a cross-site scripting (XSS) vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM bulletin cites a base CVSS v3.0 score of 5.4 (AV:N/AC:L/PR:L/UI...
CVE-2024-56341
IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are affected by a cross-site scripting vulnerability (CVE-2024-56341) that allows an authenticated user to inject arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Remediation per IB...
CVE-2014-0874
CVE-2014-0874 describes a reflected cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x up to but not including 2.0.2.2-ICN-FP002. The issue arises from insufficient encoding of input in request parameters, allowing remote authenticated users to inject arbitrary web script or HT...
CVE-2019-4741
IBM Content Navigator 3.0CD is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2019-4741). An unauthenticated attacker could trigger the system to issue unauthorized requests, enabling network enumeration or facilitating other attacks as described by IBM’s security bulletin. R...
CVE-2014-0858
Summary: CVE-2014-0858 affects IBM Content Navigator 2.0.x prior to 2.0.2.2-ICN-FP002, where a non-admin user can bypass access controls and perform a deleteAction against the configuration database by modifying the URL. Root cause (as described): Improper authorization by non-admin user allowing...
CVE-2017-1146
CVE-2017-1146 affects IBM Content Navigator in versions 2.0.3 and 3.0.0. The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause: insecure handling of user ...
CVE-2019-4035
Summary: CVE-2019-4035 affects IBM Content Navigator (3.0 Continuous Delivery). A spoofing/redirect issue could let attackers direct ICN users to a malicious site, causing the Edit client to fetch documents from the attacker’s site. Affected product: IBM Content Navigator 3.0 Continuous Delivery....
CVE-2020-4687
CVE-2020-4687 affects IBM Content Navigator in IBM Case Manager, with prior public details indicating that authenticated users could access another user’s cached content. Connected IBM advisories confirm the vulnerability in IBM Content Navigator 3.0.7/3.0.8 and provide remediation guidance. Reme...
CVE-2021-29714
CVE-2021-29714 : IBM Content Navigator 3.0.CD is vulnerable to a denial-of-service caused by improper input validation. The vulnerability affects IBM Content Navigator (embedded component) and is documented in multiple sources (IBM Security Bulletin; CNVD/CNVD-like entries). Remediation per IBM g...
CVE-2024-51475
IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are affected by HTML injection (CWE-80). The issue allows a remote attacker to inject HTML that executes in the victim’s browser within the hosting site’s context. According to the IBM security bulletin, fixed versions are 3.0.15 IF006, 3.1...
CVE-2019-4034
IBM Content Navigator CVE-2019-4034 affects the 3.0 Continuous Delivery line. A vulnerability allows code execution on a user’s workstation when editing an executable file in ICN with the Edit service. Root cause involves input handling that leads to execution on the client. Remediation per IBM b...
CVE-2021-20448
The CVE-2021-20448 entry concerns IBM Content Navigator (specifically 3.0.CD) and is confirmed by multiple sources in connected documents. The vulnerability is Cross-Site Scripting (XSS) in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential di...
CVE-2013-5462
CVE-2013-5462 affects IBM Content Navigator (and its toolkit) versions 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001. The vulnerability allows clickjacking by loading the Content Navigator URL in a frame (header.jsp header) to capture user input such as credentials. IB...
CVE-2017-1331
IBM Content Navigator is vulnerable to cross-site scripting (CVE-2017-1331) in multiple versions. Affected products/versions per connected sources: IBM Content Navigator 2.0.3.5–2.0.3.8 and 3.0.0. The root cause is XSS in the Web UI that can embed arbitrary JavaScript, potentially leading to cred...
CVE-2017-1522
The CVE-2017-1522 issue affects IBM Content Navigator with CMIS in versions 2.0.3.8, 3.0.0, and 3.0.1, where a cross-site scripting vulnerability allows injecting arbitrary JavaScript into the Web UI, potentially leading to credential disclosure within a trusted session. The IBM Security Bulletin...
CVE-2018-1364
CVE-2018-1364 affects IBM Content Navigator 2.0 and 3.0, vulnerable to XML External Entity Injection (XXE) when processing XML data. A remote attacker could disclose sensitive information or exhaust memory resources. The IBM CMIS/Content Navigator ecosystem is implicated across multiple IBM produ...
CVE-2015-1888
CVE-2015-1888 describes an XSS vulnerability in IBM Content Navigator (affected version(s) 2.0.3 and 2.0.2 prior to FPs) used with IBM Content Manager, FileNet Content Manager, Content Foundation, and Content Manager OnDemand. The root cause is improper validation of user-supplied input, which al...
CVE-2017-1282
IBM Content Navigator (CMIS 2.0/3.0) is affected by a cross-site scripting vulnerability (CVE-2017-1282). The issue allows attackers to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure in a trusted session. Affected versions are IBM Content Navigator 2.0....
CVE-2018-1496
IBM Content Navigator is affected by a cross-site scripting vulnerability (CVE-2018-1496) in versions 2.0.3 and 3.0 Continuous Delivery. The issue allows embedded arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM’s security bulletin no...
CVE-2017-1502
CVE-2017-1502 affects IBM Content Navigator (CMS with CMIS) in versions 2.0.3.8, 3.0.0, and 3.0.1 with a cross-site scripting flaw that allows arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. IBM’s bulletin confirms the vulnerability and p...
CVE-2014-8911
CVE-2014-8911 is a reflected XSS in IBM Content Navigator affecting 2.0.0–2.0.3 releases. The vulnerability arises from improper validation of the Accept-Language header, allowing remote attackers to inject arbitrary script or HTML and potentially steal cookies or hijack sessions. IBM’s advisory ...
CVE-2018-1366
Summary of CVE-2018-1366 (IBM Content Navigator) : The vulnerability affects IBM Content Navigator versions 2.0.3.7–2.0.3.8 and 3.0.0–3.0.3, where a CSV Injection flaw exists in the CSV handling/submission path. The underlying issue enables an attacker to inject content into CSV-enabled workflows...
CVE-2020-4548
IBM Content Navigator 3.0.7 and 3.0.8 are affected by an input validation flaw that allows a malicious administrator to bypass the UI and send requests containing illegal characters that could be stored in the server database. The confirmed impact is low (per CVSS v3.1), with local-like privilege...
CVE-2019-4679
IBM Content Navigator 3.0CD exposes hosting operating system and version information in the logon response for authenticated users, enabling information disclosure that could support targeted attacks. Mitigation is to apply the IBM Content Navigator remediation: upgrade to the 3.0 Continuous Deli...
CVE-2019-4033
IBM Content Navigator versions 2.0.3 and 3.0 CD are vulnerable to cross-site scripting (XSS) via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The root cause is an XSS flaw in the web interface that processes client-s...
CVE-2019-4571
CVE-2019-4571 affects IBM Content Navigator 3.0CD. The affected component is the Web UI, where a cross-site scripting (XSS) vulnerability allows an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The vulnerability is rated CVSS v3.0...
CVE-2020-4309
The CVE-2020-4309 entry concerns IBM Content Navigator 3.0CD (and related 3.0 releases). Affected component/impact: an information disclosure vulnerability that allows an unauthenticated user to obtain sensitive information, potentially aiding further attacks. Root cause is described as disclosur...
CVE-2020-4934
Summary of CVE-2020-4934 (IBM Content Navigator 3.0.CD) : A directory-traversal vulnerability allows a remote attacker to view arbitrary files by sending a crafted URL containing dot-dot sequences (/../). Affects IBM Content Navigator 3.0.CD in IBM products; impact is exposure of potentially sens...
CVE-2026-1243
IBM Content Navigator is affected by CVE-2026-1243: vulnerable versions 3.0.15, 3.1.0, and 3.2.0 allow an authenticated user to embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. Remediation per IBM Security Bulletin: upgrade to 3.0.15 IF009, 3....
CVE-2025-27906
Summary: CVE-2025-27906 affects IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0, exposing a directory listing via an application URL. The IBM bulletin confirms an LFI-style exposure where an authenticated attacker can view file and folder names in the server’s browser, but cannot read or m...