Description
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/6844453
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/238805
Scores
CVSS v3
7.5
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-862
Status
published
Products (1)
ibm/content_navigator
3.0.0 - 3.0.12
Published
Dec 07, 2022
Tracked Since
Feb 18, 2026