A security vulnerability in IBM FileNet Content Manager and Case Foundation could, in some cases, cause user information to be written to the log when Process Orchestration Web Services is invoked.
CVEID: CVE-2019-4572
DESCRIPTION: IBM FileNet Content Manager, in specific configurations, could log the web service user credentials to a log file that could be accessed by an administrator on the local machine.
CVSS Base Score: 4.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/166798> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
FileNet Content Manager and Case Foundation 5.5.2, 5.5.3.
This security vulnerability only exists in 5.5.2.0-P8CPE-IF001, 5.5.2.0-P8CPE-IF002 and 5.5.3.0-P8CPE (GA).
To resolve this vulnerability, install one of the patch sets listed below.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.5.2 | | 5.5.2.0-P8CPE-IF003 - 10/9/2019 |
FileNet Content Manager | 5.5.3 | | 5.5.3.0-P8CPE-IF001 - 9/27/2019 |
Stop using the advanced “Partner Links” function of Process Engine (PE) Process Orchestration.
CPE
Name | Operator | Version |
---|---|---|
filenet content manager | eq | 5.5.2 |
filenet content manager | eq | 5.5.3 |
ibm case foundation | eq | 5.5.2 |
ibm case foundation | eq | 5.5.3 |