CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4548
https://notcve.org/view.php?id=CVE-2020-4548
20 Aug 2020 — IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. IBM Content Navigator versiones 3.0.7 y 3.0.8, es vulnerable a una comprobación de entrada inapropiada. Un administrador malicioso podría omitir la interfaz de usuario y enviar peticiones al servidor de IBM Con... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183316 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4309
https://notcve.org/view.php?id=CVE-2020-4309
24 Mar 2020 — IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. IBM Content Navigator versión 3.0CD, podría revelar información confidencial a un usuario no autenticado que podría ser usada para ayudar en nuevos ataques contra el sistema. ID de IBM X-Force: 177080. • https://exchange.xforce.ibmcloud.com/vulnerabilities/177080 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4253
https://notcve.org/view.php?id=CVE-2020-4253
24 Mar 2020 — IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. IBM Content Navigator versión 3.0CD, no invalida una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. ID de IBM X-Force: 175559. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175559 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4741
https://notcve.org/view.php?id=CVE-2019-4741
12 Feb 2020 — IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815. IBM Content Navigator versión 3.0CD es vulnerable a un ataque de tipo Server Side Request Forgery (SSRF). Esto puede permitir a un atacante no autenticado enviar peticiones no autorizadas desde el sistema, conllevando a una enumeración de la r... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172815 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4679
https://notcve.org/view.php?id=CVE-2019-4679
28 Jan 2020 — IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515. IBM Content Navigator versión 3.0CD, podría permitir a un usuario autenticado conseguir información sobre el sistema operativo de alojamiento y la versión que podría ser usada en nuevos ataques contra el sistema. ID de IBM X-Force: 171515. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171515 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4571
https://notcve.org/view.php?id=CVE-2019-4571
25 Sep 2019 — IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. Content Navigator versión 3.0CD de IBM es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/166721 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4263
https://notcve.org/view.php?id=CVE-2019-4263
11 Jul 2019 — IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. Content Navigator versión 3.0CD de IBM, es vulnerable a la inclusión de archivos locales, permitiendo a un atacante acceder a un archivo de configuración en el servidor ICN. ID de IBM X-Force: 160015. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160015 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4092
https://notcve.org/view.php?id=CVE-2019-4092
25 Apr 2019 — IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. IBM Content Navigator versió... • http://www.ibm.com/support/docview.wss?uid=ibm10874754 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4033
https://notcve.org/view.php?id=CVE-2019-4033
25 Apr 2019 — IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999. IBM Content Navigator versión 2.0.3 y versión 3.0CD es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios introducir un código JavaScript arbitrario en la interfaz del usuario web, por... • https://exchange.xforce.ibmcloud.com/vulnerabilities/155999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4035
https://notcve.org/view.php?id=CVE-2019-4035
22 Mar 2019 — IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. IBM Content Navigator 3.0CD podría permitir que los atacantes dirijan el tráfico web a un sitio malicioso. • http://www.ibm.com/support/docview.wss?uid=ibm10869060 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •