IBM2A84C7580EAED7276A9993E833138AE80A43F567508BEBF1A41E640D7981916BSecurity Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
Summary
Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation.
Oracle OIT issues disclosed in the Oracle April 2018 Critical Patch Update.
Vulnerability Details
Advisory CVEs:
CVEID: CVE-2018-2768 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141924 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)
CVEID: CVE-2018-2801 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Image Export SDK component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)
CVEID: CVE-2018-2806 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141962 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)
Affected Products and Versions
FileNet Content Manager 5.2.1, 5.5.0
IBM Content Foundation 5.2.1, 5.5.0
Remediation/Fixes
To resolve these vulnerabilities, install one of the patch sets listed below to upgrade Oracle Outside In Technology (OIT) to the April 2018 v8.5.3 patch 27695571 release.
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FileNet Content Manager | 5.2.1 |
5.5.0 | PJ45337
PJ45338
PJ45337
PJ45338 | 5.2.1.7-P8CPE-IF002 - 5/24/2018
5.2.1.7-P8CSS-IF002 - 5/24/2018
5.5.1.0-P8CPE - 6/28/2018
5.5.1.0-P8CSS - 6/28/2018
IBM Content Foundation | 5.2.1
5.5.0 | PJ45337
PJ45338
PJ45337
PJ45338 | 5.2.1.7-P8CPE-IF002 - 5/24/2018
5.2.1.7-P8CSS-IF002 - 5/24/2018
5.5.1.0-P8CPE - 6/28/2018
5.5.1.0-P8CSS - 6/28/2018
In the above table, the APAR links will provide more information about the fix.
Workarounds and Mitigations
None
Related
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P