Skip to main content

Content Navigator CVE-2021-29714

MEDIUM
Improper Input Validation (CWE-20)
2021-08-09 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 09, 2021 - 16:15 nvd
MEDIUM 6.5

DescriptionNVD

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.

AnalysisAI

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. Affected products include: Ibm Content Navigator.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-4757 MEDIUM POC
6.4 Dec 21

IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium

CVE-2022-43581 HIGH
8.8 Dec 07

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 i

CVE-2020-4253 HIGH
8.8 Mar 24

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to imperson

CVE-2019-4034 HIGH
8.8 Mar 14

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. Rated high sev

CVE-2018-1364 HIGH
8.2 Jan 29

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data

CVE-2018-1366 HIGH
7.8 Feb 07

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8)

CVE-2019-4092 MEDIUM
6.1 Apr 25

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect

CVE-2017-1331 MEDIUM
5.4 Aug 04

IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vuln

CVE-2017-1502 MEDIUM
5.4 Sep 07

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS

CVE-2017-1282 MEDIUM
5.4 May 22

IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

CVE-2017-1146 MEDIUM
5.4 Mar 20

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vul

CVE-2017-1522 MEDIUM
5.4 Oct 05

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS

Share

CVE-2021-29714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy