Improper Input Validation in IBM Content Navigator by IBM
CVE-2020-4548

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Content Navigator
Vendor: CVE Published:; 20 August 2020

Summary

IBM Content Navigator versions 3.0.7 and 3.0.8 are susceptible to an issue with improper input validation. A malicious administrator could exploit this vulnerability to bypass the user interface, allowing them to send requests containing illegal characters directly to the server. These characters could be improperly stored in the IBM Content Navigator database, creating significant security risks. Organizations using these versions are advised to remediate the vulnerability to ensure the integrity of their data.

Affected Version(s)

Content Navigator 3.0.7

Content Navigator 3.0.8

References

https://www.ibm.com/support/pages/node/6262411

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/183316

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2020
Vulnerability Reserved
Dec 30, 2019