{"api_version":"1","generated_at":"2026-04-22T19:37:47+00:00","cve":"CVE-2022-43581","urls":{"html":"https://cve.report/CVE-2022-43581","api":"https://cve.report/api/cve/CVE-2022-43581.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-43581","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-43581"},"summary":{"title":"CVE-2022-43581","description":"IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-12-07 18:15:00","updated_at":"2023-11-07 03:53:00"},"problem_types":["CWE-862"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/238805","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/238805","refsource":"MISC","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6844453","name":"https://www.ibm.com/support/pages/node/6844453","refsource":"MISC","tags":[],"title":"Security Bulletin: IBM Content Navigator is vulnerable to missing authorization.","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-43581","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43581","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"43581","vulnerable":"1","versionEndIncluding":"3.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"content_navigator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-43581","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","cweId":"CWE-119"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Content Navigator","version":{"version_data":[{"version_value":"3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.ibm.com/support/pages/node/6844453","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/6844453"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/238805","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/238805"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2022-12-07 18:15:00","lastModifiedDate":"2023-11-07 03:53:00","problem_types":["CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:content_navigator:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}