IBM40BCAEA021864AA0E30611FD47BCD6494E66310B95DFC4AAF109C9767B9B1A81Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability
0.0005 Low
EPSS
Percentile
18.9%
Summary
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Vulnerability Details
CVEID: CVE-2017-1282**
DESCRIPTION:** IBM Content Navigator & CMIS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124760 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
IBM Content Navigator versions 2.0.3.5 - 2.0.3.8
IBM Content Navigator version 3.0.0
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Content Navigator| 2.0.3.8| Contact customer support center for the fix and instructions
IBM Content Navigator| 3.0.0| Contact customer support center for the fix and instructions
Workarounds and Mitigations
None
Related
0.0005 Low
EPSS
Percentile
18.9%