CVE-2022-43581

CWE-119Buffer OverflowCWE-862Missing Authorization3 documents3 sources
Severity
8.8HIGH
EPSS
0.8%
top 25.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Content Navigator
Timeline
PublishedDec 7

Description

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

NVDibm/content_navigator3.0.03.0.12
CVEListV5ibm/content_navigator3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Content Navigator code execution2022-12-07
GHSA
GHSA-x8v4-7grp-4rw2: IBM Content Navigator 32022-12-07
CVE-2022-43581 (HIGH CVSS 8.8) | IBM Content Navigator 3.0.0 | cvebase.io