CVE-2017-1282 | Cyber Solutions By Thales

Abstract Advisory Information

Security issue affecting the product IBM CONTENT NAVIGATOR, the feature to add a document is vulnerable to Cross Site Scripting attack.

IBM Support Reference: 2002356

IBM Security Bulletin:

http://www-01.ibm.com/support/docview.wss?uid=swg22002356

Author: Dominique Righetto

Version affected

Versions 2.0.3.5, 2.0.3.6, 2.0.3.7, 2.0.3.8, 3.0.0.

Common Vulnerability Scoring System

5.4

Patches

The vulnerability is fixed is the following VRMF (contact customer support center for the fix and instructions):

2.0.3.8

3.0.0

Vulnerability Disclosure Timeline

2017-04-13: Security note sent to IBM Product Security Incident Response Team about the vulnerability.
2017-04-13: Acknowledge from IBM Product Security Incident Response Team about reception of our note.
2017-04-25: Acknowledge from IBM Product Security Incident Response Team about the issue validity and start working on a fix (CVE ID created by IBM).
2017-05-24: Publishing of the security bulletin by IBM indicating the availability of patches.
2017-05-26: Publishing of the Security Advisory.