Content Navigator Security Vulnerabilities and Issues — Content Navigator CVE List

Lucene search

IbmContent Navigator

38 matches found

CVE•added 2019/07/11 8:15 p.m.•126 views

CVE-2019-4263

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.

4.3CVSS4.6AI score0.00133EPSS

CVE•added 2022/12/07 6:15 p.m.•65 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.

8.8CVSS8AI score0.00074EPSS

CVE•added 2023/11/03 3:15 a.m.•63 views

CVE-2023-35896

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

5.4CVSS5.3AI score0.00046EPSS

CVE•added 2023/10/04 2:15 p.m.•56 views

CVE-2023-40684

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru...

5.4CVSS4.9AI score0.00074EPSS

CVE•added 2020/12/21 6:15 p.m.•50 views

CVE-2020-4757

IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.4CVSS5.8AI score0.00413EPSS

CVE•added 2019/04/25 3:29 p.m.•46 views

CVE-2019-4092

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicio...

6.8CVSS5.8AI score0.00246EPSS

CVE•added 2021/04/27 5:15 p.m.•43 views

CVE-2021-20550

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168.

5.4CVSS5.3AI score0.00158EPSS

CVE•added 2014/02/28 6:18 a.m.•42 views

CVE-2014-0874

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.

3.5CVSS5.3AI score0.00186EPSS

CVE•added 2020/03/24 4:15 p.m.•42 views

CVE-2020-4253

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.

8.8CVSS8.2AI score0.00225EPSS

CVE•added 2025/04/02 3:15 p.m.•42 views

CVE-2024-56341

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS6.5AI score0.00035EPSS

CVE•added 2020/11/10 3:15 p.m.•41 views

CVE-2020-4704

IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189.

6.4CVSS5.1AI score0.00112EPSS

CVE•added 2020/11/10 3:15 p.m.•41 views

CVE-2020-4760

IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737.

5.4CVSS5.2AI score0.00157EPSS

CVE•added 2017/03/20 4:59 p.m.•40 views

CVE-2017-1146

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2020/02/12 4:15 p.m.•39 views

CVE-2019-4741

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.

5.3CVSS5.2AI score0.00319EPSS

CVE•added 2021/04/27 5:15 p.m.•39 views

CVE-2021-20549

5.4CVSS5.3AI score0.00158EPSS

CVE•added 2013/12/19 10:55 p.m.•37 views

CVE-2013-5462

IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.

4.3CVSS6.5AI score0.00246EPSS

CVE•added 2020/08/20 4:15 p.m.•37 views

CVE-2020-4687

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.

4.3CVSS4.4AI score0.00119EPSS

CVE•added 2021/04/27 5:15 p.m.•37 views

CVE-2021-20448

5.4CVSS5.3AI score0.00143EPSS

CVE•added 2014/02/27 8:55 p.m.•36 views

CVE-2014-0858

IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.

3.5CVSS6.2AI score0.00121EPSS

CVE•added 2017/08/04 4:29 p.m.•36 views

CVE-2017-1331

IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233.

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2017/10/05 5:29 p.m.•36 views

CVE-2017-1522

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2019/03/14 11:0 p.m.•36 views

CVE-2019-4034

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000.

8.8CVSS8.6AI score0.00821EPSS

CVE•added 2019/03/22 7:29 p.m.•36 views

CVE-2019-4035

IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM ...

6.3CVSS5.2AI score0.00128EPSS

CVE•added 2018/05/31 9:29 p.m.•35 views

CVE-2018-1496

IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-...

5.4CVSS5.2AI score0.00216EPSS

CVE•added 2017/05/22 8:29 p.m.•34 views

CVE-2017-1282

IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2015/10/03 10:59 p.m.•33 views

CVE-2015-1888

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitra...

3.5CVSS5.2AI score0.00166EPSS

CVE•added 2021/08/09 4:15 p.m.•33 views

CVE-2021-29714

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.

6.5CVSS6.2AI score0.00198EPSS

CVE•added 2015/02/14 2:59 a.m.•32 views

CVE-2014-8911

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header.

4.3CVSS5.7AI score0.00236EPSS

CVE•added 2017/09/07 4:29 p.m.•32 views

CVE-2017-1502

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2018/01/29 4:29 p.m.•31 views

CVE-2018-1364

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.

8.2CVSS7.9AI score0.00556EPSS

CVE•added 2018/02/07 5:29 p.m.•31 views

CVE-2018-1366

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.

7.8CVSS7.4AI score0.00165EPSS

CVE•added 2020/01/28 7:15 p.m.•29 views

CVE-2019-4679

IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515.

4.3CVSS4.4AI score0.00222EPSS

CVE•added 2020/08/20 4:15 p.m.•29 views

CVE-2020-4548

IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 18331...

4.3CVSS3.6AI score0.00178EPSS

CVE•added 2019/09/25 8:15 p.m.•28 views

CVE-2019-4571

5.4CVSS5.2AI score0.00287EPSS

CVE•added 2020/03/24 4:15 p.m.•28 views

CVE-2020-4309

IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080.

5.3CVSS4.9AI score0.00208EPSS

CVE•added 2021/02/02 3:15 p.m.•28 views

CVE-2020-4934

IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.

4.3CVSS4.8AI score0.00162EPSS

CVE•added 2019/04/25 3:29 p.m.•27 views

CVE-2019-4033

IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999.

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2025/05/16 1:15 a.m.•23 views

CVE-2024-51475

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

6.1CVSS6.9AI score0.00038EPSS