CVE-2020-4687

CWE-200Information Exposure4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 69.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Content Navigator
Timeline
PublishedAug 20
Latest updateMay 24

Description

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/content_navigator3.0.7, 3.0.8+1
NVDibm/content_navigator3.0.0, 3.0.7, 3.0.8+2

🔴Vulnerability Details

2
GHSA
GHSA-7c88-j563-v234: IBM Content Navigator 32022-05-24
CVEList
CVE-2020-4687: IBM Content Navigator 32020-08-20

📋Vendor Advisories

1
Microsoft
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability2020-11-10
CVE-2020-4687 (MEDIUM CVSS 4.3) | IBM Content Navigator 3.0.7 and 3.0 | cvebase.io