
ibm-content-services-mcp-server

by ibm-ecm

Overview

Provides a standardized interface to enable AI models to interact with IBM FileNet Content Manager (FNCM) for document, folder, and metadata management.

Installation

Run Command
uvx --from git+https://github.com/ibm-ecm/ibm-content-services-mcp-server core-cs-mcp-server

Environment Variables

  • SERVER_URL
  • USERNAME
  • PASSWORD
  • OBJECT_STORE

Security Notes

  • CRITICAL: Multiple SQL injection vulnerabilities exist in `repository_object_search`, `folders.py` (e.g., `lookup_folder_id`), and `mcp_manage_hold.py` (e.g., `find_hold_relationship_object`, `list_holds_by_name_tool`). These tools construct SQL `WHERE` clauses by directly embedding user-provided string values (like `property_value`, `folder_id_or_path`, `hold_object_id`, `held_object_id`, `hold_display_name`) without proper escaping of internal single quotes. This allows a malicious actor to inject arbitrary SQL commands.
  • MEDIUM: The `create_document` and `checkout_document` tools perform local file system operations (uploading/downloading content) based on paths provided to the server. While basic path validation is present, an AI agent or malicious user could potentially leverage this to read from or write to unintended locations on the server's file system.
  • WARNING: The server supports disabling SSL/TLS verification (`SSL_ENABLED=false` etc.), explicitly noted in the README as 'not recommended for production,' which can expose communications to man-in-the-middle attacks.

Stats

  • Interest Score: 38
  • Security Score: 2
  • Cost Class: Medium
  • Avg Tokens: 500
  • Stars: 5
  • Forks: 1
  • Last Update: 2025-12-12

Tags

  • Content Management
  • IBM FileNet
  • AI Agents
  • Document Management
  • GraphQL