IBM Content Navigator has addressed the following vulnerability.
CVEID:CVE-2018-1364**
DESCRIPTION: *IBM Content Navigator is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 8.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137449 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected IBM Content Navigator
|
Affected Versions
β|β
IBM Content Navigator| 2.0.3
IBM Content Navigator| 3.0.2
IBM Content Navigator| 3.0.3
Product
|
VRMF
|
Remediation / First Fix
β|β|β
IBM Content Navigator| 2.0.3| Contact customer support center for the fix and instructions.
IBM Content Navigator| 3.0.2| Contact customer support center for the fix and instructions.
IBM Content Navigator| 3.0.3| Contact customer support center for the fix and instructions.
None