What is CVE-2023-35905?

CVE-2023-35905 is a vulnerability in IBM FileNet Content Manager that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.

How does the CVE-2023-35905 vulnerability affect IBM FileNet Content Manager?

The CVE-2023-35905 vulnerability affects IBM FileNet Content Manager versions 5.5.8, 5.5.10, and 5.5.11, allowing users to exploit cross-site scripting to alter the intended functionality and potentially disclose credentials.

What is the severity of the CVE-2023-35905 vulnerability?

The severity of the CVE-2023-35905 vulnerability is medium, with a severity value of 5.4.

How can I fix the CVE-2023-35905 vulnerability in IBM FileNet Content Manager?

To fix the CVE-2023-35905 vulnerability, IBM recommends applying the necessary updates or patches provided by IBM FileNet Content Manager.

Where can I find more information about the CVE-2023-35905 vulnerability?

You can find more information about the CVE-2023-35905 vulnerability on the IBM X-Force Exchange website or the IBM support pages.

Vulnerability/
CVE-2023-35905

medium

5.4

CWE

29/9/2023

4/10/2023

19/9/2024

CVE-2023-35905: IBM FileNet Content Manager cross-site scripting

First published: Fri Sep 29 2023(Updated: )

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM FileNet Content Manager	=5.5.8
IBM FileNet Content Manager	=5.5.10
IBM FileNet Content Manager	=5.5.11
IBM FileNet Content Manager 5.5.10	<=5.5.8.0
IBM FileNet Content Manager	<=5.5.10.0
IBM FileNet Content Manager	<=5.5.11.0

Remedy

https://www.ibm.com/support/pages/node/7014389

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7014389

Frequently Asked Questions

What is CVE-2023-35905?
CVE-2023-35905 is a vulnerability in IBM FileNet Content Manager that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How does the CVE-2023-35905 vulnerability affect IBM FileNet Content Manager?
The CVE-2023-35905 vulnerability affects IBM FileNet Content Manager versions 5.5.8, 5.5.10, and 5.5.11, allowing users to exploit cross-site scripting to alter the intended functionality and potentially disclose credentials.
What is the severity of the CVE-2023-35905 vulnerability?
The severity of the CVE-2023-35905 vulnerability is medium, with a severity value of 5.4.
How can I fix the CVE-2023-35905 vulnerability in IBM FileNet Content Manager?
To fix the CVE-2023-35905 vulnerability, IBM recommends applying the necessary updates or patches provided by IBM FileNet Content Manager.
Where can I find more information about the CVE-2023-35905 vulnerability?
You can find more information about the CVE-2023-35905 vulnerability on the IBM X-Force Exchange website or the IBM support pages.

collector/nvd-api
collector/nvd-index
agent/references
agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/title
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
agent/trending
vendor/ibm
canonical/ibm filenet content manager
version/ibm filenet content manager/5.5.8
version/ibm filenet content manager/5.5.10
version/ibm filenet content manager/5.5.11
canonical/ibm filenet content manager 5.5.10
version/ibm filenet content manager 5.5.10/5.5.8.0
version/ibm filenet content manager/5.5.10.0
version/ibm filenet content manager/5.5.11.0