CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4034
https://notcve.org/view.php?id=CVE-2019-4034
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000. IBM Content Navigator 3.0CD podría permitir que un atacante ejecute código arbitrario en el puesto de trabajo de un usuario. Al editar un archivo ejecutable en ICN con el servicio "Edit", se ejecutará en el puesto de trabajo del usuario. • http://www.securityfocus.com/bid/107426 https://exchange.xforce.ibmcloud.com/vulnerabilities/156000 https://www.ibm.com/support/docview.wss?uid=ibm10869066 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1496
https://notcve.org/view.php?id=CVE-2018-1496
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. IBM Content Navigator, en sus versiones 2.0.3, 3.0.0, 3.0.1, 3.0.2 y 3.0.3 , es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22015420 http://www.securityfocus.com/bid/104374 https://exchange.xforce.ibmcloud.com/vulnerabilities/141219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1366
https://notcve.org/view.php?id=CVE-2018-1366
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. IBM Content Navigator 2.0 y 3.0 es vulnerable a una inyección CSV (Comma Separated Value). Un atacante podría explotar esta vulnerabilidad para explotar otras vulnerabilidades en software de hojas de cálculo. • http://www.ibm.com/support/docview.wss?uid=swg22012674 https://exchange.xforce.ibmcloud.com/vulnerabilities/137452 •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1364
https://notcve.org/view.php?id=CVE-2018-1364
IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449. Las versiones 2.0 y 3.0 de IBM Content Navigator son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22012595 http://www.securityfocus.com/bid/102864 https://exchange.xforce.ibmcloud.com/vulnerabilities/137449 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1522
https://notcve.org/view.php?id=CVE-2017-1522
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. IBM Content Navigator CMIS, en sus versiones 2.0.3, 3.0.0 y 3.0.1, es vulnerable a ataques Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22008162 https://exchange.xforce.ibmcloud.com/vulnerabilities/129832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •