Lucene search

IbmCVELIST:CVE-2022-43581

HistoryDec 07, 2022 - 5:07 p.m.

CVE-2022-43581 IBM Content Navigator code execution

2022-12-0717:07:51

CWE-119

ibm

www.cve.org

ibm content navigator

code execution

authorization

authenticated user

external plugins

x-force id

238805

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Content Navigator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/238805

www.ibm.com/support/pages/node/6844453

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Related for CVELIST:CVE-2022-43581