CVE-2019-4034 - IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's worksta

CVE-2019-4034

Summary

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000.

References

https://www.ibm.com/support/docview.wss?uid=ibm10869066
https://exchange.xforce.ibmcloud.com/vulnerabilities/156000
http://www.securityfocus.com/bid/107426

Vulnerable Configurations

cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:continuous_delivery:*:*:*

CVSS

Base:	6.5 (as of 01-01-2022 - 20:15)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	107426
confirm	https://www.ibm.com/support/docview.wss?uid=ibm10869066
xf	ibm-content-cve20194034-code-exec(156000)

Last major update

01-01-2022 - 20:15

Published

14-03-2019 - 22:29

Last modified

01-01-2022 - 20:15