CVE-2020-4934

Name of the Vulnerable Software and Affected Versions IBM Content Navigator version 3.0.CD

Description The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Recommendations For IBM Content Navigator version 3.0.CD, as a temporary workaround, consider restricting access to sensitive files and directories until a patch is available. Avoid using URL requests that contain dot dot sequences (/../) in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.