Using third-party tools, a non-admin user can modify the URL action so that, instead of a getAction, the user performs a deleteAction against the configuration database.
**CVEID:** CVE-2014-0858
DESCRIPTION: Improper authorization by non-admin user
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90864> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
AFFECTED VERSIONS: IBM Content Navigator 2.0.0, 2.0.1, and 2.0.2
IBM Content Navigator is a component that is available to customers in these products (and the products that contain them):
· IBM Content Manager
· IBM FileNet Content Manager
· IBM Content Foundation
· IBM Content Manager OnDemand
REMEDIATION:
Version 2.0.0: Upgrade to Content Navigator 2.0.2 and apply fix pack 2.0.2.2-ICN-FP002
Version 2.0.1: Upgrade to Content Navigator 2.0.2 and apply fix pack 2.0.2.2-ICN-FP002
Version 2.0.2: Apply fix pack 2.0.2.2-ICN-FP002
WORKAROUNDS AND MITIGATIONS: None known; apply fixes.
Name | Operator | Version
---|---|---
ibm content navigator | eq | 2.0.2
ibm content navigator | eq | 2.0.1
ibm content navigator | eq | 2.0