cnvd - cnvd-2020-10128

CNVD-2020-10128

Vulnerability from cnvd - Published: 2020-02-18

Title

IBM Content Navigator服务器端请求伪造漏洞

Description

IBM Content Navigator是一个Web客户端，为用户提供控制台，使用户能够随时随地从企业中的任何位置通过几乎任何移动设备访问、管理和使用企业内容。 IBM Content Navigator 3.0CD存在服务器端请求伪造漏洞。未认证攻击者可利用该漏洞从系统发送未经授权的请求，从而可进行网络枚举或发起其他攻击。

Severity

中

Patch Name

IBM Content Navigator服务器端请求伪造漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/1846569

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-4741

Impacted products

Name
IBM IBM Content Navigator 3.0CD

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-4741",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-4741"
    }
  },
  "description": "IBM Content Navigator\u662f\u4e00\u4e2aWeb\u5ba2\u6237\u7aef\uff0c\u4e3a\u7528\u6237\u63d0\u4f9b\u63a7\u5236\u53f0\uff0c\u4f7f\u7528\u6237\u80fd\u591f\u968f\u65f6\u968f\u5730\u4ece\u4f01\u4e1a\u4e2d\u7684\u4efb\u4f55\u4f4d\u7f6e\u901a\u8fc7\u51e0\u4e4e\u4efb\u4f55\u79fb\u52a8\u8bbe\u5907\u8bbf\u95ee\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u4f01\u4e1a\u5185\u5bb9\u3002\n\nIBM Content Navigator 3.0CD\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u7cfb\u7edf\u53d1\u9001\u672a\u7ecf\u6388\u6743\u7684\u8bf7\u6c42\uff0c\u4ece\u800c\u53ef\u8fdb\u884c\u7f51\u7edc\u679a\u4e3e\u6216\u53d1\u8d77\u5176\u4ed6\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/1846569",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-10128",
  "openTime": "2020-02-18",
  "patchDescription": "IBM Content Navigator\u662f\u4e00\u4e2aWeb\u5ba2\u6237\u7aef\uff0c\u4e3a\u7528\u6237\u63d0\u4f9b\u63a7\u5236\u53f0\uff0c\u4f7f\u7528\u6237\u80fd\u591f\u968f\u65f6\u968f\u5730\u4ece\u4f01\u4e1a\u4e2d\u7684\u4efb\u4f55\u4f4d\u7f6e\u901a\u8fc7\u51e0\u4e4e\u4efb\u4f55\u79fb\u52a8\u8bbe\u5907\u8bbf\u95ee\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u4f01\u4e1a\u5185\u5bb9\u3002\r\n\r\nIBM Content Navigator 3.0CD\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u7cfb\u7edf\u53d1\u9001\u672a\u7ecf\u6388\u6743\u7684\u8bf7\u6c42\uff0c\u4ece\u800c\u53ef\u8fdb\u884c\u7f51\u7edc\u679a\u4e3e\u6216\u53d1\u8d77\u5176\u4ed6\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Content Navigator\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM Content Navigator 3.0CD"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-4741",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-18",
  "title": "IBM Content Navigator\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2019-4741 (GCVE-0-2019-4741)

Vulnerability from cvelistv5 – Published: 2020-02-12 16:10 – Updated: 2024-09-17 00:56

Summary

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/I:L/C:N/AV:N/A:N/S:U/PR:N/UI:N/AC:L/RC:C/E:U/RL:O

CWE

Gain Access

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1846569	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Content Navigator	Affected: 3.0CD

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:49.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1846569"
          },
          {
            "name": "ibm-cn-cve20194741-ssrf (172815)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Content Navigator",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "3.0CD"
            }
          ]
        }
      ],
      "datePublic": "2020-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:L/C:N/AV:N/A:N/S:U/PR:N/UI:N/AC:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-12T16:10:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1846569"
        },
        {
          "name": "ibm-cn-cve20194741-ssrf (172815)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-02-10T00:00:00",
          "ID": "CVE-2019-4741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Content Navigator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0CD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1846569",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1846569 (Content Navigator)",
              "url": "https://www.ibm.com/support/pages/node/1846569"
            },
            {
              "name": "ibm-cn-cve20194741-ssrf (172815)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4741",
    "datePublished": "2020-02-12T16:10:18.241431Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T00:56:22.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-10128

CVE-2019-4741 (GCVE-0-2019-4741)

Tags

Sightings

Nomenclature