Skip to main content

Content Navigator CVE-2023-35896

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2023-11-03 psirt@us.ibm.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 03, 2023 - 03:15 nvd
MEDIUM 5.4

DescriptionNVD

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

AnalysisAI

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. Affected products include: Ibm Content Navigator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2020-4757 MEDIUM POC
6.4 Dec 21

IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium

CVE-2022-43581 HIGH
8.8 Dec 07

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 i

CVE-2020-4253 HIGH
8.8 Mar 24

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to imperson

CVE-2019-4034 HIGH
8.8 Mar 14

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. Rated high sev

CVE-2018-1364 HIGH
8.2 Jan 29

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data

CVE-2018-1366 HIGH
7.8 Feb 07

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8)

CVE-2021-29714 MEDIUM
6.5 Aug 09

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation.

CVE-2019-4092 MEDIUM
6.1 Apr 25

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect

CVE-2017-1331 MEDIUM
5.4 Aug 04

IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vuln

CVE-2017-1502 MEDIUM
5.4 Sep 07

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS

CVE-2017-1282 MEDIUM
5.4 May 22

IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

CVE-2017-1146 MEDIUM
5.4 Mar 20

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vul

Share

CVE-2023-35896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy