CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43581 – IBM Content Navigator code execution
https://notcve.org/view.php?id=CVE-2022-43581
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11 y 3.0.12 es vulnerable a la falta de autorización y podría permitir que un usuario autenticado cargue complementos externos y ejecute código. ID de IBM X-Force: 238805. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238805 https://www.ibm.com/support/pages/node/6844453 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4687
https://notcve.org/view.php?id=CVE-2020-4687
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. IBM Content Navigator versiones 3.0.7 y 3.0.8, podrían permitir a un usuario autenticado visualizar el contenido en memoria caché de otro usuario al que no debería tener acceso. IBM X-Force ID: 186679. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186679 https://www.ibm.com/support/pages/node/6262423 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4548
https://notcve.org/view.php?id=CVE-2020-4548
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. IBM Content Navigator versiones 3.0.7 y 3.0.8, es vulnerable a una comprobación de entrada inapropiada. Un administrador malicioso podría omitir la interfaz de usuario y enviar peticiones al servidor de IBM Content Navigator con caracteres ilegales que podrían ser almacenados en la base de datos de IBM Content Navigator. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183316 https://www.ibm.com/support/pages/node/6262411 • CWE-20: Improper Input Validation •