Arbitrary Code Execution in IBM Content Navigator by IBM
CVE-2019-4034
6.3MEDIUM
Summary
The flaw in IBM Content Navigator 3.0CD could potentially enable an attacker to execute arbitrary code on a user's workstation. This occurs when users edit executable files within the Content Navigator interface, as the files are executed directly on the local system. This vulnerability raises significant security concerns as it can exploit user-level permissions, allowing harmful actions that can compromise data integrity and confidentiality.
Affected Version(s)
Content Navigator 3.0CD
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved