CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 1CVE-2020-4757
https://notcve.org/view.php?id=CVE-2020-4757
21 Dec 2020 — IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. IBM FileNet Content Manager e IBM Content Navigator versión 3.0.CD, es vulnerables a unos ataques de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios inse... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4760
https://notcve.org/view.php?id=CVE-2020-4760
10 Nov 2020 — IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737. IBM Content Navigator versión 3.0CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la func... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4704
https://notcve.org/view.php?id=CVE-2020-4704
10 Nov 2020 — IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189. IBM Content Navigator versión 3.0CD, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alt... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4687
https://notcve.org/view.php?id=CVE-2020-4687
20 Aug 2020 — IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. IBM Content Navigator versiones 3.0.7 y 3.0.8, podrían permitir a un usuario autenticado visualizar el contenido en memoria caché de otro usuario al que no debería tener acceso. IBM X-Force ID: 186679. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186679 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4548
https://notcve.org/view.php?id=CVE-2020-4548
20 Aug 2020 — IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. IBM Content Navigator versiones 3.0.7 y 3.0.8, es vulnerable a una comprobación de entrada inapropiada. Un administrador malicioso podría omitir la interfaz de usuario y enviar peticiones al servidor de IBM Con... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183316 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4309
https://notcve.org/view.php?id=CVE-2020-4309
24 Mar 2020 — IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. IBM Content Navigator versión 3.0CD, podría revelar información confidencial a un usuario no autenticado que podría ser usada para ayudar en nuevos ataques contra el sistema. ID de IBM X-Force: 177080. • https://exchange.xforce.ibmcloud.com/vulnerabilities/177080 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4253
https://notcve.org/view.php?id=CVE-2020-4253
24 Mar 2020 — IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. IBM Content Navigator versión 3.0CD, no invalida una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. ID de IBM X-Force: 175559. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175559 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4741
https://notcve.org/view.php?id=CVE-2019-4741
12 Feb 2020 — IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815. IBM Content Navigator versión 3.0CD es vulnerable a un ataque de tipo Server Side Request Forgery (SSRF). Esto puede permitir a un atacante no autenticado enviar peticiones no autorizadas desde el sistema, conllevando a una enumeración de la r... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172815 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4679
https://notcve.org/view.php?id=CVE-2019-4679
28 Jan 2020 — IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515. IBM Content Navigator versión 3.0CD, podría permitir a un usuario autenticado conseguir información sobre el sistema operativo de alojamiento y la versión que podría ser usada en nuevos ataques contra el sistema. ID de IBM X-Force: 171515. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171515 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4571
https://notcve.org/view.php?id=CVE-2019-4571
25 Sep 2019 — IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. Content Navigator versión 3.0CD de IBM es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/166721 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •