Lucene search
K
IbmContent Navigator

40 matches found

CVE
CVE
added 2019/07/11 7:55 p.m.141 views

CVE-2019-4263

IBM Content Navigator 3.0CD is affected by CVE-2019-4263, a local file inclusion vulnerability in the ICN server. The issue allows access to sensitive configuration files via ICN URLs, with a CVSS v3.1/base score of 4.3 (NETWORK, LOW complexity, privileges LOW, no user interaction). Affected prod...

4.3CVSS4.6AI score0.00916EPSS
CVE
CVE
added 2022/12/07 5:7 p.m.79 views

CVE-2022-43581

CVE-2022-43581 affects IBM Content Navigator versions 3.0.0 through 3.0.12, where missing authorization could allow an authenticated user to load external plugins and execute code. The issue is documented across IBM security bulletins and Red Hat advisories, with remediation guidance including ap...

8.8CVSS8AI score0.00685EPSS
CVE
CVE
added 2023/11/03 2:14 a.m.76 views

CVE-2023-35896

IBM Content Navigator is affected by CVE-2023-35896 via SSRF in versions 3.0.11, 3.0.13, and 3.0.14 due to Oracle Outside In Technology in the viewer. The root cause is a server-side request forgery that can allow an authenticated attacker to issue unauthorized requests from the system, potential...

5.4CVSS5.3AI score0.00289EPSS
CVE
CVE
added 2023/10/04 1:38 p.m.74 views

CVE-2023-40684

CVE-2023-40684 affects IBM Content Navigator on 3.0.11/3.0.13/3.0.14 when used with IBM Daeja ViewOne Virtual. The issue is a cross-site scripting vulnerability that lets a user embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Docum...

5.4CVSS4.9AI score0.00368EPSS
CVE
CVE
added 2020/12/21 5:50 p.m.64 views

CVE-2020-4757

CVE-2020-4757 affects IBM FileNet Content Manager and IBM Content Navigator 3.0.CD with a stored cross-site scripting vulnerability in the Web UI. The root cause is an XSS flaw in the Content Navigator/Content Manager web interface that could allow an attacker to embed arbitrary JavaScript, poten...

6.4CVSS5.8AI score0.01277EPSS
CVE
CVE
added 2019/04/25 2:36 p.m.57 views

CVE-2019-4092

CVE-2019-4092 affects IBM Content Navigator versions 2.0.3 and 3.0 Continuous Delivery (CD). The root cause is an open redirect mechanism that allows remote attackers to masquerade a malicious site as trusted, enabling phishing by spoofing the URL displayed to victims. Impact described includes e...

6.8CVSS5.8AI score0.00786EPSS
CVE
CVE
added 2021/04/27 4:32 p.m.56 views

CVE-2021-20550

CVE-2021-20550 affects IBM Content Navigator 3.0.CD. A cross-site scripting vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. CVSS v3.0 base score: 5.4 (MEDIUM); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2020/11/10 2:50 p.m.55 views

CVE-2020-4760

IBM Content Navigator 3.0CD is affected by a cross-site scripting (CVE-2020-4760) vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The vulnerability is documented across multiple sources...

5.4CVSS5.2AI score0.00851EPSS
CVE
CVE
added 2020/03/24 3:20 p.m.54 views

CVE-2020-4253

CVE-2020-4253 affects IBM Content Navigator 3.0CD, where the session is not invalidated after logout, allowing an authenticated user to impersonate another user. Root cause: session remains active post-logout. Affected product/version: IBM Content Navigator 3.0CD (IBM bulletin also lists remediat...

8.8CVSS8.2AI score0.00902EPSS
CVE
CVE
added 2020/11/10 2:50 p.m.54 views

CVE-2020-4704

The CVE-2020-4704 entry affects IBM Content Navigator 3.0CD and is caused by a stored cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM’s security bulletin for Content Navigator ...

6.4CVSS5.1AI score0.00851EPSS
CVE
CVE
added 2021/04/27 4:32 p.m.54 views

CVE-2021-20549

CVE-2021-20549 affects IBM Content Navigator 3.0.CD, with a cross-site scripting (XSS) vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM bulletin cites a base CVSS v3.0 score of 5.4 (AV:N/AC:L/PR:L/UI...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2025/04/02 3:8 p.m.54 views

CVE-2024-56341

IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are affected by a cross-site scripting vulnerability (CVE-2024-56341) that allows an authenticated user to inject arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Remediation per IB...

5.4CVSS6.5AI score0.00213EPSS
CVE
CVE
added 2014/02/28 2:0 a.m.53 views

CVE-2014-0874

CVE-2014-0874 describes a reflected cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x up to but not including 2.0.2.2-ICN-FP002. The issue arises from insufficient encoding of input in request parameters, allowing remote authenticated users to inject arbitrary web script or HT...

3.5CVSS5.3AI score0.01429EPSS
CVE
CVE
added 2020/02/12 4:10 p.m.51 views

CVE-2019-4741

IBM Content Navigator 3.0CD is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2019-4741). An unauthenticated attacker could trigger the system to issue unauthorized requests, enabling network enumeration or facilitating other attacks as described by IBM’s security bulletin. R...

5.3CVSS5.2AI score0.00962EPSS
CVE
CVE
added 2014/02/27 8:0 p.m.50 views

CVE-2014-0858

Summary: CVE-2014-0858 affects IBM Content Navigator 2.0.x prior to 2.0.2.2-ICN-FP002, where a non-admin user can bypass access controls and perform a deleteAction against the configuration database by modifying the URL. Root cause (as described): Improper authorization by non-admin user allowing...

3.5CVSS6.2AI score0.00904EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.50 views

CVE-2017-1146

CVE-2017-1146 affects IBM Content Navigator in versions 2.0.3 and 3.0.0. The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause: insecure handling of user ...

5.4CVSS5.2AI score0.00538EPSS
CVE
CVE
added 2019/03/22 6:50 p.m.50 views

CVE-2019-4035

Summary: CVE-2019-4035 affects IBM Content Navigator (3.0 Continuous Delivery). A spoofing/redirect issue could let attackers direct ICN users to a malicious site, causing the Edit client to fetch documents from the attacker’s site. Affected product: IBM Content Navigator 3.0 Continuous Delivery....

6.3CVSS5.2AI score0.0094EPSS
CVE
CVE
added 2020/08/20 3:55 p.m.49 views

CVE-2020-4687

CVE-2020-4687 affects IBM Content Navigator in IBM Case Manager, with prior public details indicating that authenticated users could access another user’s cached content. Connected IBM advisories confirm the vulnerability in IBM Content Navigator 3.0.7/3.0.8 and provide remediation guidance. Reme...

4.3CVSS4.4AI score0.01046EPSS
CVE
CVE
added 2021/08/09 4:5 p.m.49 views

CVE-2021-29714

CVE-2021-29714 : IBM Content Navigator 3.0.CD is vulnerable to a denial-of-service caused by improper input validation. The vulnerability affects IBM Content Navigator (embedded component) and is documented in multiple sources (IBM Security Bulletin; CNVD/CNVD-like entries). Remediation per IBM g...

6.5CVSS6.2AI score0.01012EPSS
CVE
CVE
added 2025/05/16 12:44 a.m.49 views

CVE-2024-51475

IBM Content Navigator versions 3.0.11, 3.0.15, and 3.1.0 are affected by HTML injection (CWE-80). The issue allows a remote attacker to inject HTML that executes in the victim’s browser within the hosting site’s context. According to the IBM security bulletin, fixed versions are 3.0.15 IF006, 3.1...

6.1CVSS6.9AI score0.00219EPSS
CVE
CVE
added 2019/03/14 11:0 p.m.48 views

CVE-2019-4034

IBM Content Navigator CVE-2019-4034 affects the 3.0 Continuous Delivery line. A vulnerability allows code execution on a user’s workstation when editing an executable file in ICN with the Edit service. Root cause involves input handling that leads to execution on the client. Remediation per IBM b...

8.8CVSS8.6AI score0.01932EPSS
CVE
CVE
added 2021/04/27 4:32 p.m.48 views

CVE-2021-20448

The CVE-2021-20448 entry concerns IBM Content Navigator (specifically 3.0.CD) and is confirmed by multiple sources in connected documents. The vulnerability is Cross-Site Scripting (XSS) in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential di...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2013/12/19 10:0 p.m.47 views

CVE-2013-5462

CVE-2013-5462 affects IBM Content Navigator (and its toolkit) versions 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001. The vulnerability allows clickjacking by loading the Content Navigator URL in a frame (header.jsp header) to capture user input such as credentials. IB...

4.3CVSS6.5AI score0.01803EPSS
CVE
CVE
added 2017/08/04 4:0 p.m.45 views

CVE-2017-1331

IBM Content Navigator is vulnerable to cross-site scripting (CVE-2017-1331) in multiple versions. Affected products/versions per connected sources: IBM Content Navigator 2.0.3.5–2.0.3.8 and 3.0.0. The root cause is XSS in the Web UI that can embed arbitrary JavaScript, potentially leading to cred...

5.4CVSS5.2AI score0.00729EPSS
CVE
CVE
added 2017/10/05 5:0 p.m.45 views

CVE-2017-1522

The CVE-2017-1522 issue affects IBM Content Navigator with CMIS in versions 2.0.3.8, 3.0.0, and 3.0.1, where a cross-site scripting vulnerability allows injecting arbitrary JavaScript into the Web UI, potentially leading to credential disclosure within a trusted session. The IBM Security Bulletin...

5.4CVSS5.2AI score0.0054EPSS
CVE
CVE
added 2018/01/29 4:0 p.m.45 views

CVE-2018-1364

CVE-2018-1364 affects IBM Content Navigator 2.0 and 3.0, vulnerable to XML External Entity Injection (XXE) when processing XML data. A remote attacker could disclose sensitive information or exhaust memory resources. The IBM CMIS/Content Navigator ecosystem is implicated across multiple IBM produ...

8.2CVSS7.9AI score0.02419EPSS
CVE
CVE
added 2015/10/03 10:0 p.m.44 views

CVE-2015-1888

CVE-2015-1888 describes an XSS vulnerability in IBM Content Navigator (affected version(s) 2.0.3 and 2.0.2 prior to FPs) used with IBM Content Manager, FileNet Content Manager, Content Foundation, and Content Manager OnDemand. The root cause is improper validation of user-supplied input, which al...

3.5CVSS5.2AI score0.00783EPSS
CVE
CVE
added 2017/05/22 8:0 p.m.44 views

CVE-2017-1282

IBM Content Navigator (CMIS 2.0/3.0) is affected by a cross-site scripting vulnerability (CVE-2017-1282). The issue allows attackers to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure in a trusted session. Affected versions are IBM Content Navigator 2.0....

5.4CVSS5.2AI score0.00538EPSS
CVE
CVE
added 2018/05/31 9:0 p.m.44 views

CVE-2018-1496

IBM Content Navigator is affected by a cross-site scripting vulnerability (CVE-2018-1496) in versions 2.0.3 and 3.0 Continuous Delivery. The issue allows embedded arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM’s security bulletin no...

5.4CVSS5.2AI score0.00968EPSS
CVE
CVE
added 2017/09/07 4:0 p.m.43 views

CVE-2017-1502

CVE-2017-1502 affects IBM Content Navigator (CMS with CMIS) in versions 2.0.3.8, 3.0.0, and 3.0.1 with a cross-site scripting flaw that allows arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. IBM’s bulletin confirms the vulnerability and p...

5.4CVSS5.2AI score0.00538EPSS
CVE
CVE
added 2015/02/14 2:0 a.m.42 views

CVE-2014-8911

CVE-2014-8911 is a reflected XSS in IBM Content Navigator affecting 2.0.0–2.0.3 releases. The vulnerability arises from improper validation of the Accept-Language header, allowing remote attackers to inject arbitrary script or HTML and potentially steal cookies or hijack sessions. IBM’s advisory ...

4.3CVSS5.7AI score0.00931EPSS
CVE
CVE
added 2018/02/07 5:0 p.m.42 views

CVE-2018-1366

Summary of CVE-2018-1366 (IBM Content Navigator) : The vulnerability affects IBM Content Navigator versions 2.0.3.7–2.0.3.8 and 3.0.0–3.0.3, where a CSV Injection flaw exists in the CSV handling/submission path. The underlying issue enables an attacker to inject content into CSV-enabled workflows...

7.8CVSS7.4AI score0.00932EPSS
CVE
CVE
added 2020/08/20 3:55 p.m.41 views

CVE-2020-4548

IBM Content Navigator 3.0.7 and 3.0.8 are affected by an input validation flaw that allows a malicious administrator to bypass the UI and send requests containing illegal characters that could be stored in the server database. The confirmed impact is low (per CVSS v3.1), with local-like privilege...

4.3CVSS3.6AI score0.00729EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.40 views

CVE-2019-4679

IBM Content Navigator 3.0CD exposes hosting operating system and version information in the logon response for authenticated users, enabling information disclosure that could support targeted attacks. Mitigation is to apply the IBM Content Navigator remediation: upgrade to the 3.0 Continuous Deli...

4.3CVSS4.4AI score0.00816EPSS
CVE
CVE
added 2019/04/25 2:36 p.m.38 views

CVE-2019-4033

IBM Content Navigator versions 2.0.3 and 3.0 CD are vulnerable to cross-site scripting (XSS) via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The root cause is an XSS flaw in the web interface that processes client-s...

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2019/09/25 8:5 p.m.38 views

CVE-2019-4571

CVE-2019-4571 affects IBM Content Navigator 3.0CD. The affected component is the Web UI, where a cross-site scripting (XSS) vulnerability allows an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The vulnerability is rated CVSS v3.0...

5.4CVSS5.2AI score0.00699EPSS
CVE
CVE
added 2020/03/24 3:20 p.m.38 views

CVE-2020-4309

The CVE-2020-4309 entry concerns IBM Content Navigator 3.0CD (and related 3.0 releases). Affected component/impact: an information disclosure vulnerability that allows an unauthenticated user to obtain sensitive information, potentially aiding further attacks. Root cause is described as disclosur...

5.3CVSS4.9AI score0.01273EPSS
CVE
CVE
added 2021/02/02 2:35 p.m.38 views

CVE-2020-4934

Summary of CVE-2020-4934 (IBM Content Navigator 3.0.CD) : A directory-traversal vulnerability allows a remote attacker to view arbitrary files by sending a crafted URL containing dot-dot sequences (/../). Affects IBM Content Navigator 3.0.CD in IBM products; impact is exposure of potentially sens...

4.3CVSS4.8AI score0.01822EPSS
CVE
CVE
added 2026/04/02 12:14 a.m.20 views

CVE-2026-1243

IBM Content Navigator is affected by CVE-2026-1243: vulnerable versions 3.0.15, 3.1.0, and 3.2.0 allow an authenticated user to embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. Remediation per IBM Security Bulletin: upgrade to 3.0.15 IF009, 3....

5.4CVSS5.5AI score0.00207EPSS
CVE
CVE
added 2025/10/14 2:8 p.m.19 views

CVE-2025-27906

Summary: CVE-2025-27906 affects IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0, exposing a directory listing via an application URL. The IBM bulletin confirms an LFI-style exposure where an authenticated attacker can view file and folder names in the server’s browser, but cannot read or m...

5.3CVSS6.1AI score0.00279EPSS