CVE-2023-35896 MEDIUM

CVE-2023-35896: IBM Content Navigator server-side request forgery

Vendor Ibm

Product Content Navigator

Weakness CWE-918 · SSRF

Published November 3, 2023

Last update September 4, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Key dates

02Disclosure timeline

November 3, 2023 CVE published

September 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-35896

Related vulnerabilities

04Related CVE

CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery CVE-2019-25451 phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow CVE-2026-39370 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732) CVE-2024-13411 Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function