cnvd - cnvd-2020-10128

cnvd-2020-10128

Vulnerability from cnvd

Title: IBM Content Navigator服务器端请求伪造漏洞

Description:

IBM Content Navigator是一个Web客户端，为用户提供控制台，使用户能够随时随地从企业中的任何位置通过几乎任何移动设备访问、管理和使用企业内容。

IBM Content Navigator 3.0CD存在服务器端请求伪造漏洞。未认证攻击者可利用该漏洞从系统发送未经授权的请求，从而可进行网络枚举或发起其他攻击。

Severity: 中

Patch Name: IBM Content Navigator服务器端请求伪造漏洞的补丁

Patch Description:

IBM Content Navigator是一个Web客户端，为用户提供控制台，使用户能够随时随地从企业中的任何位置通过几乎任何移动设备访问、管理和使用企业内容。

IBM Content Navigator 3.0CD存在服务器端请求伪造漏洞。未认证攻击者可利用该漏洞从系统发送未经授权的请求，从而可进行网络枚举或发起其他攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/1846569

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-4741

Impacted products

Name
IBM IBM Content Navigator 3.0CD

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-4741",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-4741"
    }
  },
  "description": "IBM Content Navigator\u662f\u4e00\u4e2aWeb\u5ba2\u6237\u7aef\uff0c\u4e3a\u7528\u6237\u63d0\u4f9b\u63a7\u5236\u53f0\uff0c\u4f7f\u7528\u6237\u80fd\u591f\u968f\u65f6\u968f\u5730\u4ece\u4f01\u4e1a\u4e2d\u7684\u4efb\u4f55\u4f4d\u7f6e\u901a\u8fc7\u51e0\u4e4e\u4efb\u4f55\u79fb\u52a8\u8bbe\u5907\u8bbf\u95ee\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u4f01\u4e1a\u5185\u5bb9\u3002\n\nIBM Content Navigator 3.0CD\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u7cfb\u7edf\u53d1\u9001\u672a\u7ecf\u6388\u6743\u7684\u8bf7\u6c42\uff0c\u4ece\u800c\u53ef\u8fdb\u884c\u7f51\u7edc\u679a\u4e3e\u6216\u53d1\u8d77\u5176\u4ed6\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/1846569",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-10128",
  "openTime": "2020-02-18",
  "patchDescription": "IBM Content Navigator\u662f\u4e00\u4e2aWeb\u5ba2\u6237\u7aef\uff0c\u4e3a\u7528\u6237\u63d0\u4f9b\u63a7\u5236\u53f0\uff0c\u4f7f\u7528\u6237\u80fd\u591f\u968f\u65f6\u968f\u5730\u4ece\u4f01\u4e1a\u4e2d\u7684\u4efb\u4f55\u4f4d\u7f6e\u901a\u8fc7\u51e0\u4e4e\u4efb\u4f55\u79fb\u52a8\u8bbe\u5907\u8bbf\u95ee\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u4f01\u4e1a\u5185\u5bb9\u3002\r\n\r\nIBM Content Navigator 3.0CD\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u7cfb\u7edf\u53d1\u9001\u672a\u7ecf\u6388\u6743\u7684\u8bf7\u6c42\uff0c\u4ece\u800c\u53ef\u8fdb\u884c\u7f51\u7edc\u679a\u4e3e\u6216\u53d1\u8d77\u5176\u4ed6\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Content Navigator\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM Content Navigator 3.0CD"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-4741",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-18",
  "title": "IBM Content Navigator\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2019-4741 (GCVE-0-2019-4741)

Vulnerability from cvelistv5

Published

2020-02-12 16:10

Modified

2024-09-17 00:56

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CWE

Gain Access

Summary

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.

References

▼	URL	Tags
	https://www.ibm.com/support/pages/node/1846569	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/172815	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Content Navigator	Version: 3.0CD

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:49.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1846569"
          },
          {
            "name": "ibm-cn-cve20194741-ssrf (172815)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Content Navigator",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "3.0CD"
            }
          ]
        }
      ],
      "datePublic": "2020-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:L/C:N/AV:N/A:N/S:U/PR:N/UI:N/AC:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-12T16:10:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1846569"
        },
        {
          "name": "ibm-cn-cve20194741-ssrf (172815)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-02-10T00:00:00",
          "ID": "CVE-2019-4741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Content Navigator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1846569",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1846569 (Content Navigator)",
              "url": "https://www.ibm.com/support/pages/node/1846569"
            },
            {
              "name": "ibm-cn-cve20194741-ssrf (172815)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4741",
    "datePublished": "2020-02-12T16:10:18.241431Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T00:56:22.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted