CVE-2017-1331

CVE-2017-1331

by webmestre

Abstract Advisory Information

Security issue affecting the product IBM CONTENT NAVIGATOR, the feature to add a document is vulnerable to stored Cross Site Scripting attack if the document added is an HTML file.

IBM Support Reference: 2003928

IBM Security Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg22003928

Version affected

Versions 2.0.3.5, 2.0.3.6, 2.0.3.7, 2.0.3.8, 3.0.0

Common Vulnerability Scoring System

5.4

Patches

The vulnerability is fixed  is the following VRMF (contact customer support center for the fix and instructions):

2.0.3.8

3.0.1

Vulnerability Disclosure Timeline

  • 2017-04-13: Security note sent to IBM Product Security Incident Response Team about the vulnerability.
  • 2017-04-13: Acknowledge from IBM Product Security Incident Response Team about reception of our note.
  • 2017-05-18: Acknowledge from IBM Product Security Incident Response Team about the issue validity and start working on a fix (CVE ID created by IBM).
  • 2017-08-03: Publishing of the security bulletin by IBM indicating the availability of patches.
  • 2017-08-04: Publishing of the Security Advisory.
Top