Abstract Advisory Information
Security issue affecting the product IBM CONTENT NAVIGATOR: the feature to add a document is vulnerable to a stored Cross-Site Scripting attack if the document added is an HTML file.
IBM Support Reference: 2003928
IBM Security Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg22003928
Author: Dominique Righetto
Versions affected
Versions 2.0.3.5, 2.0.3.6, 2.0.3.7, 2.0.3.8, 3.0.0
Common Vulnerability Scoring System
5.4
Patches
The vulnerability is fixed in the following VRMF (contact customer support center for the fix and instructions):
2.0.3.8
3.0.1
Vulnerability Disclosure Timeline
- 2017-04-13: Security note sent to IBM Product Security Incident Response Team about the vulnerability.
- 2017-04-13: Acknowledgement from IBM Product Security Incident Response Team of reception of our note.
- 2017-05-18: Acknowledgement from IBM Product Security Incident Response Team of the issue's validity and start of work on a fix (CVE ID created by IBM).
- 2017-08-03: Publishing of the security bulletin by IBM indicating the availability of patches.
- 2017-08-04: Publishing of the Security Advisory.