CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35896 – IBM Content Navigator server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35896
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. IBM Content Navigator 3.0.13 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259247 https://www.ibm.com/support/pages/node/7065203 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40684 – IBM Content Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-40684
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. IBM Content Navigator 3.0.11, 3.0.13 y 3.0.14 con IBM Daeja ViewOne Virtual es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/264019 https://https://www.ibm.com/support/pages/node/7046226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43581 – IBM Content Navigator code execution
https://notcve.org/view.php?id=CVE-2022-43581
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11 y 3.0.12 es vulnerable a la falta de autorización y podría permitir que un usuario autenticado cargue complementos externos y ejecute código. ID de IBM X-Force: 238805. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238805 https://www.ibm.com/support/pages/node/6844453 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29714
https://notcve.org/view.php?id=CVE-2021-29714
IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. IBM Content Navigator versión 3.0.CD, podría permitir a un usuario malicioso causar una denegación de servicio debido a una comprobación de entrada inapropiada. IBM X-Force ID: 200968 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200968 https://www.ibm.com/support/pages/node/6479397 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20550
https://notcve.org/view.php?id=CVE-2021-20550
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199168 https://www.ibm.com/support/pages/node/6447143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •