CVE-2019-4035 — Open Redirect in IBM Content Navigator

CWE-601 — Open Redirect53 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 68.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Content Navigator

Timeline

PublishedMar 22

Latest updateMay 13

Description

IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/content_navigator3.0CD

▶NVDibm/content_navigator3.0.0

🔴Vulnerability Details

GHSA

GHSA-2h27-fv2f-c56r: IBM Content Navigator 3↗2022-05-13

▶

CVEList

CVE-2019-4035: IBM Content Navigator 3↗2019-03-22

▶

💬Community

Bugzilla

CVE-2019-8619 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08

▶

Bugzilla

CVE-2019-8622 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08

▶

Bugzilla

CVE-2019-8610 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08

▶

Bugzilla

CVE-2019-8594 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08

▶

Bugzilla

CVE-2019-8597 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08

▶