Arbitrary Code Execution in IBM Content Navigator by IBM
CVE-2019-4034

6.3MEDIUM

Key Information:

Vendor
IBM
Status
Content Navigator
Vendor
CVE Published:
14 March 2019

Summary

The flaw in IBM Content Navigator 3.0CD could potentially enable an attacker to execute arbitrary code on a user's workstation. This occurs when users edit executable files within the Content Navigator interface, as the files are executed directly on the local system. This vulnerability raises significant security concerns as it can exploit user-level permissions, allowing harmful actions that can compromise data integrity and confidentiality.

Affected Version(s)

Content Navigator 3.0CD

References

http://www.securityfocus.com/bid/107426
vdb-entryx_refsource_BID
https://www.ibm.com/support/docview.wss?uid=ibm10869066
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/156000
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.