Ibm

Content Navigator

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2019-4263

  • EPSS 0.13%
  • Veröffentlicht 11.07.2019 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:43:23

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.

6.1

CVE-2019-4092

  • EPSS 0.25%
  • Veröffentlicht 25.04.2019 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:43:10

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof ...

5.4

CVE-2019-4033

  • EPSS 0.16%
  • Veröffentlicht 25.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:43:03

IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

5.4

CVE-2019-4035

  • EPSS 0.13%
  • Veröffentlicht 22.03.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:43:04

IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will d...

8.8

CVE-2019-4034

  • EPSS 0.82%
  • Veröffentlicht 14.03.2019 22:29:01
  • Zuletzt bearbeitet 21.11.2024 04:43:03

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000.

5.4

CVE-2018-1496

  • EPSS 0.22%
  • Veröffentlicht 31.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:55

IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to creden...

7.8

CVE-2018-1366

  • EPSS 0.17%
  • Veröffentlicht 07.02.2018 17:29:01
  • Zuletzt bearbeitet 21.11.2024 03:59:41

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.

8.2

CVE-2018-1364

  • EPSS 0.53%
  • Veröffentlicht 29.01.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:41

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

5.4

CVE-2017-1522

  • EPSS 0.2%
  • Veröffentlicht 05.10.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d...

5.4

CVE-2017-1502

  • EPSS 0.23%
  • Veröffentlicht 07.09.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d...