CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4741
https://notcve.org/view.php?id=CVE-2019-4741
IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815. IBM Content Navigator versión 3.0CD es vulnerable a un ataque de tipo Server Side Request Forgery (SSRF). Esto puede permitir a un atacante no autenticado enviar peticiones no autorizadas desde el sistema, conllevando a una enumeración de la red o a facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172815 https://www.ibm.com/support/pages/node/1846569 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4679
https://notcve.org/view.php?id=CVE-2019-4679
IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515. IBM Content Navigator versión 3.0CD, podría permitir a un usuario autenticado conseguir información sobre el sistema operativo de alojamiento y la versión que podría ser usada en nuevos ataques contra el sistema. ID de IBM X-Force: 171515. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171515 https://www.ibm.com/support/pages/node/1283458 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4571
https://notcve.org/view.php?id=CVE-2019-4571
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. Content Navigator versión 3.0CD de IBM es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conducir a la divulgación de credenciales dentro de una sesión de confianza. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166721 https://www.ibm.com/support/pages/node/1073576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4263
https://notcve.org/view.php?id=CVE-2019-4263
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. Content Navigator versión 3.0CD de IBM, es vulnerable a la inclusión de archivos locales, permitiendo a un atacante acceder a un archivo de configuración en el servidor ICN. ID de IBM X-Force: 160015. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160015 https://www.ibm.com/support/docview.wss?uid=ibm10882412 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4092
https://notcve.org/view.php?id=CVE-2019-4092
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. IBM Content Navigator versión 2.0.3 y versión 3.0 CD podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto. • http://www.ibm.com/support/docview.wss?uid=ibm10874754 https://exchange.xforce.ibmcloud.com/vulnerabilities/157654 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •