Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM28A039C8CEF861A98DA8248C90D8A395E6D5B3BBA5999A30A411C2336EEACE79
HistoryJun 17, 2018 - 12:17 p.m.

Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation

2018-06-1712:17:22
www.ibm.com
8

EPSS

0.004

Percentile

73.9%

JSON

Summary

Security vulnerabilities exist in Oracle Outside In Technology (OIT) which affect the IBM FileNet Content Manager and IBM Content Foundation products.

Vulnerability Details

Advisory CVEs:
CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, CVE-2016-5588

CVEID: CVE-2016-5558**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117981 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-5574**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117982 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-5577**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117983 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-5578**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117984 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-5579**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117985 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-5588**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117986 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1

Remediation/Fixes

To resolve these vulnerabilities, install one of the fixes listed below to upgrade the Oracle Outside In Technology (OIT) to October 2016 8.5.2 patch 24836099 and higher release.

Product VRMF APAR Remediation/First Fix
FileNet Content Manager 5.1.0

5.2.0

5.2.1| PJ44473
PJ44474
PJ44469
PJ44475
PJ44469
PJ44475| 5.1.0.7-P8CE-FP007 - 8/11/2017
5.1.0.0-P8CSS-IF017 - 8/11/2017
5.2.0.5-P8CPE-IF002 - 1/19/2017
5.2.0.5-P8CSS-IF001 - 1/19/2017
5.2.1.6-P8CPE-FP006 - 12/16/2016
5.2.1.6-P8CSS-FP006 - 12/16/2016
IBM Content Foundation| 5.2.0

5.2.1| PJ44469
PJ44475
PJ44469
PJ44475| 5.2.0.5-P8CPE-IF002 - 1/19/2017
5.2.0.5-P8CSS-IF001 - 1/19/2017
5.2.1.6-P8CPE-FP006 - 12/16/2016
5.2.1.6-P8CSS-FP006 - 12/16/2016

In the above table, the APAR links will provide more information about the fix.

Workarounds and Mitigations

None

Related

cvelist 6
prion 6
nvd 6
cve 6
ibm 1
oracle 1
cvelist
cvelist
CVE-2016-5579
2016-10-25 14:00:00
CVE-2016-5558
2016-10-25 14:00:00
CVE-2016-5578
2016-10-25 14:00:00
prion
prion
Buffer overflow
2016-10-25 14:30:00
Buffer overflow
2016-10-25 14:30:00
Buffer overflow
2016-10-25 14:30:00
nvd
nvd
CVE-2016-5578
2016-10-25 14:30:47
CVE-2016-5579
2016-10-25 14:30:49
CVE-2016-5574
2016-10-25 14:30:43
cve
cve
CVE-2016-5558
2016-10-25 14:30:25
CVE-2016-5588
2016-10-25 14:30:59
CVE-2016-5578
2016-10-25 14:30:47
ibm
ibm
Security Bulletin: Open Source Oracle Outside In Technology Vulnerabilities in IBM Content Collector for Email
2018-06-17 12:17:35
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00

EPSS

0.004

Percentile

73.9%

JSON
Related for 28A039C8CEF861A98DA8248C90D8A395E6D5B3BBA5999A30A411C2336EEACE79
cvelist6prion6nvd6cve6ibm1oracle1