Aug 02, 2024 - 3:35 a.m.

Security Bulletin: IBM Content Navigator is vulnerable to Cross Site Port Attack due to Daeja ViewONE (CVE-2024-31897)

2024-08-02 03:35:10
www.ibm.com
ibm content navigator, cross site port attack, daeja viewone, cve-2024-31897, ibm cloud pak, business automation, ssrf vulnerability, upgrade

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 4.3
Confidence: High

Summary

Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2024-31897

Vulnerability Details

**CVEID:** CVE-2024-31897
**DESCRIPTION:** IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288178 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Content Navigator | 3.0.15 |
| IBM Content Navigator | 3.0.14 |
| IBM Content Navigator | 3.0.11 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions |
| --- | --- | --- |
| IBM Content Navigator | 3.0.15 IF003 | Download 3.0.15 IF003 and follow instructions |
| IBM Content Navigator | 3.0.14 IF006 | Download 3.0.14 IF006 and follow instructions |
| IBM Content Navigator | 3.0.11 IF017 | Download 3.0.11 IF017 and follow instructions |

Workarounds and Mitigations

None.

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | content_navigator | 3.0.15 | cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:* |
| ibm | content_navigator | 003 | cpe:2.3:a:ibm:content_navigator:003:*:*:*:*:*:*:* |
| ibm | content_navigator | 3.0.14 | cpe:2.3:a:ibm:content_navigator:3.0.14:*:*:*:*:*:*:* |
| ibm | content_navigator | 3.0.11 | cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:* |
| ibm | content_navigator | 017 | cpe:2.3:a:ibm:content_navigator:017:*:*:*:*:*:*:* |
| ibm | content_navigator | 006 | cpe:2.3:a:ibm:content_navigator:006:*:*:*:*:*:*:* |
