Dec 21, 2022 - 7:50 p.m.

Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.

2022-12-21 19:50:45
www.ibm.com
82
ibm content navigator
missing authorization
code execution
cve-2022-43581
version 3.0.0 - 3.0.12
fix instructions

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 45.5%

Summary

IBM Content Navigator is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code.

Vulnerability Details

**CVEID:** CVE-2022-43581
**DESCRIPTION:** IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238805 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)|Version(s)
—|—
IBM Content Navigator|3.0.0 - 3.0.12

Remediation/Fixes

Product(s)|Version(s) number and/or range|Remediation/Fix/Instructions
—|—|—
IBM Content Navigator|3.0.12 IF003|Download 3.0.12 IF003 and follow instructions
IBM Content Navigator|3.0.11 IF007|Download 3.0.11 IF007 and follow instructions

Workarounds and Mitigations

None

Affected configurations

Vulners node: vendor ibm, product content_navigator, matching version 3.0.0 OR 3.0.1 OR 3.0.2 OR 3.0.3 OR 3.0.4 OR 3.0.5 OR 3.0.6 OR 3.0.7 OR 3.0.8 OR 3.0.9 OR 3.0.10 OR 3.0.11 OR 3.0.12

Vendor|Product|Version|CPE
—|—|—|—
ibm|content_navigator|3.0.0|`cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.1|`cpe:2.3:a:ibm:content_navigator:3.0.1:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.2|`cpe:2.3:a:ibm:content_navigator:3.0.2:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.3|`cpe:2.3:a:ibm:content_navigator:3.0.3:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.4|`cpe:2.3:a:ibm:content_navigator:3.0.4:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.5|`cpe:2.3:a:ibm:content_navigator:3.0.5:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.6|`cpe:2.3:a:ibm:content_navigator:3.0.6:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.7|`cpe:2.3:a:ibm:content_navigator:3.0.7:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.8|`cpe:2.3:a:ibm:content_navigator:3.0.8:*:*:*:*:*:*:*`
ibm|content_navigator|3.0.9|`cpe:2.3:a:ibm:content_navigator:3.0.9:*:*:*:*:*:*:*`
