Every CVE whose affected-product data names Ibm Content Navigator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2020-4253 — CVSS 8.8 (high): IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on…
CVE-2019-4034 — CVSS 8.8 (high): IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file…
CVE-2018-1364 — CVSS 8.2 (high): IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker…
CVE-2018-1366 — CVSS 7.8 (high): IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to…
CVE-2022-43581 — CVSS 7.5 (high): IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to…
CVE-2021-29714 — CVSS 6.5 (medium): IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID…
CVE-2020-4757 — CVSS 6.4 (medium): IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users…
CVE-2019-4092 — CVSS 6.1 (medium): IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By…
CVE-2017-1502 — CVSS 5.4 (medium): IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2017-1522 — CVSS 5.4 (medium): IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2018-1496 — CVSS 5.4 (medium): IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2019-4033 — CVSS 5.4 (medium): IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2019-4035 — CVSS 5.4 (medium): IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator…
CVE-2019-4571 — CVSS 5.4 (medium): IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2021-20550 — CVSS 5.4 (medium): IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2026-1243 — CVSS 5.4 (medium): IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to…
CVE-2021-20549 — CVSS 5.4 (medium): IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2021-20448 — CVSS 5.4 (medium): IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2020-4704 — CVSS 5.4 (medium): IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2020-4760 — CVSS 5.4 (medium): IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2024-56341 — CVSS 5.4 (medium): IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to…
CVE-2024-51475 — CVSS 5.4 (medium): IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which…
CVE-2023-35896 — CVSS 5.4 (medium): IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2017-1146 — CVSS 5.4 (medium): IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2017-1282 — CVSS 5.4 (medium): IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1331 — CVSS 5.4 (medium): IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2019-4741 — CVSS 5.3 (medium): IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send…
CVE-2020-4309 — CVSS 5.3 (medium): IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks…
CVE-2025-27906 — CVSS 5.3 (medium): IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL…
CVE-2023-40684 — CVSS 4.6 (medium): IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability…
CVE-2013-5462 — CVSS 4.3 (medium): IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2…
CVE-2019-4679 — CVSS 4.3 (medium): IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could…
CVE-2019-4263 — CVSS 4.3 (medium): IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server…
CVE-2020-4687 — CVSS 4.3 (medium): IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have…
CVE-2014-8911 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002…
CVE-2020-4934 — CVSS 4.3 (medium): IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2014-0858 — CVSS 3.5 (low): IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct…
CVE-2014-0874 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject…
CVE-2015-1888 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in…
CVE-2020-4548 — CVSS 2.7 (low): IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface…