Content Navigator
Monthly
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.