History: Jun 17, 2018 - 11:50 a.m.

Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)

2018-06-17 11:50:04
www.ibm.com
EPSS: 0.001 (Low), percentile 30.7%

Summary

Using third-party tools, a non-admin user can modify the action in the request URL so that, instead of a getAction, the user can perform a deleteAction against the configuration database.
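The flaw class described in the summary, as an added example that is not IBM Content Navigator code: a hypothetical dispatcher that takes the action name from the URL, shown once without and once with a server-side, deny-by-default role check. The URL layout, the in-memory configuration store, the role names and every function name other than the `getAction`/`deleteAction` labels are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

def new_config_db():
    # Constructed stand-in for the configuration database.
    return {"desktop.default": {"theme": "blue"}}

def get_action(db, key):
    return db.get(key)

def delete_action(db, key):
    return db.pop(key, None) is not None

HANDLERS = {"getAction": get_action, "deleteAction": delete_action}

# Server-side policy: an action missing from this map is never dispatched.
REQUIRED_ROLE = {"getAction": "user", "deleteAction": "admin"}
ROLE_RANK = {"user": 1, "admin": 2}

class Forbidden(Exception):
    pass

def parse_request(url):
    """Return (action, key) from a URL like /config?action=getAction&id=..."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("action", [""])[0], qs.get("id", [""])[0]

def dispatch_vulnerable(db, session_role, url):
    # Flaw: the client-chosen action name alone decides what runs;
    # session_role is never consulted.
    action, key = parse_request(url)
    return HANDLERS[action](db, key)

def dispatch_hardened(db, session_role, url):
    action, key = parse_request(url)
    needed = REQUIRED_ROLE.get(action)
    if needed is None or action not in HANDLERS:
        raise Forbidden(f"unknown action {action!r}")
    # The role comes from the authenticated session, never from the request.
    if ROLE_RANK.get(session_role, 0) < ROLE_RANK[needed]:
        raise Forbidden(f"{action} requires role {needed!r}")
    return HANDLERS[action](db, key)
```

The hardened path rejects the request before any handler runs, so a refused deleteAction leaves the store untouched and can be logged as an authorization failure.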

Vulnerability Details

**CVEID:** CVE-2014-0858

DESCRIPTION:
Improper authorization by non-admin user

CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90864> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

IBM Content Navigator 2.0.0, 2.0.1, and 2.0.2

IBM Content Navigator is a component that is available to customers in these products (and the products that contain them):
· IBM Content Manager
· IBM FileNet Content Manager
· IBM Content Foundation
· IBM Content Manager OnDemand

Remediation/Fixes

Version 2.0.0: Upgrade to Content Navigator 2.0.2 and apply fix pack 2.0.2.2-ICN-FP002

Version 2.0.1: Upgrade to Content Navigator 2.0.2 and apply fix pack 2.0.2.2-ICN-FP002

Version 2.0.2: Apply fix pack 2.0.2.2-ICN-FP002

Workarounds and Mitigations

None known; apply fixes.
