CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43581 – IBM Content Navigator code execution
https://notcve.org/view.php?id=CVE-2022-43581
07 Dec 2022 — IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11 y 3.0.12 es vulnerable a la falta de autorización y podría permitir que un usuario autenticado cargue complementos externos y ejecute código. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/238805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29714
https://notcve.org/view.php?id=CVE-2021-29714
09 Aug 2021 — IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. IBM Content Navigator versión 3.0.CD, podría permitir a un usuario malicioso causar una denegación de servicio debido a una comprobación de entrada inapropiada. IBM X-Force ID: 200968 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200968 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20550
https://notcve.org/view.php?id=CVE-2021-20550
27 Apr 2021 — IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20549
https://notcve.org/view.php?id=CVE-2021-20549
27 Apr 2021 — IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20448
https://notcve.org/view.php?id=CVE-2021-20448
27 Apr 2021 — IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4934
https://notcve.org/view.php?id=CVE-2020-4934
02 Feb 2021 — IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. IBM Content Navigator versión 3.0.CD, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para visualizar archivos arbitrarios ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191752 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 1CVE-2020-4757
https://notcve.org/view.php?id=CVE-2020-4757
21 Dec 2020 — IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. IBM FileNet Content Manager e IBM Content Navigator versión 3.0.CD, es vulnerables a unos ataques de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios inse... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4760
https://notcve.org/view.php?id=CVE-2020-4760
10 Nov 2020 — IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737. IBM Content Navigator versión 3.0CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la func... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4704
https://notcve.org/view.php?id=CVE-2020-4704
10 Nov 2020 — IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189. IBM Content Navigator versión 3.0CD, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alt... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4687
https://notcve.org/view.php?id=CVE-2020-4687
20 Aug 2020 — IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. IBM Content Navigator versiones 3.0.7 y 3.0.8, podrían permitir a un usuario autenticado visualizar el contenido en memoria caché de otro usuario al que no debería tener acceso. IBM X-Force ID: 186679. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186679 •