Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-43581
HistoryDec 07, 2022 - 6:15 p.m.

CVE-2022-43581

2022-12-0718:15:10
CWE-119
CWE-862
[email protected]
web.nvd.nist.gov
41
ibm
content navigator
3.x
missing authorization
vulnerability
authenticated user
external plugins
execute code
nvd
cve-2022-43581
ibm x-force id 238805

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.

Affected configurations

Vulners
NVD
Node
ibmcontent_navigatorMatch3.0.0
OR
ibmcontent_navigatorMatch3.0.1
OR
ibmcontent_navigatorMatch3.0.2
OR
ibmcontent_navigatorMatch3.0.3
OR
ibmcontent_navigatorMatch3.0.4
OR
ibmcontent_navigatorMatch3.0.5
OR
ibmcontent_navigatorMatch3.0.6
OR
ibmcontent_navigatorMatch3.0.7
OR
ibmcontent_navigatorMatch3.0.8
OR
ibmcontent_navigatorMatch3.0.9
OR
ibmcontent_navigatorMatch3.0.10
OR
ibmcontent_navigatorMatch3.0.11
OR
ibmcontent_navigatorMatch3.0.12
VendorProductVersionCPE
ibmcontent_navigator3.0.0cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:*:*:*:*
ibmcontent_navigator3.0.1cpe:2.3:a:ibm:content_navigator:3.0.1:*:*:*:*:*:*:*
ibmcontent_navigator3.0.2cpe:2.3:a:ibm:content_navigator:3.0.2:*:*:*:*:*:*:*
ibmcontent_navigator3.0.3cpe:2.3:a:ibm:content_navigator:3.0.3:*:*:*:*:*:*:*
ibmcontent_navigator3.0.4cpe:2.3:a:ibm:content_navigator:3.0.4:*:*:*:*:*:*:*
ibmcontent_navigator3.0.5cpe:2.3:a:ibm:content_navigator:3.0.5:*:*:*:*:*:*:*
ibmcontent_navigator3.0.6cpe:2.3:a:ibm:content_navigator:3.0.6:*:*:*:*:*:*:*
ibmcontent_navigator3.0.7cpe:2.3:a:ibm:content_navigator:3.0.7:*:*:*:*:*:*:*
ibmcontent_navigator3.0.8cpe:2.3:a:ibm:content_navigator:3.0.8:*:*:*:*:*:*:*
ibmcontent_navigator3.0.9cpe:2.3:a:ibm:content_navigator:3.0.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Content Navigator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12"
      }
    ]
  }
]

Related

ibm 2
nvd 1
prion 1
cvelist 1
ibm
ibm
Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.
2022-12-21 19:50:45
Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow
2023-03-23 22:37:32
nvd
nvd
CVE-2022-43581
2022-12-07 18:15:10
prion
prion
Authorization
2022-12-07 18:15:00
cvelist
cvelist
CVE-2022-43581 IBM Content Navigator code execution
2022-12-07 17:07:51

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON
Related for CVE-2022-43581
ibm2nvd1prion1cvelist1