logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation

Description

## Summary Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation. Oracle OIT issues disclosed in the Oracle April 2018 Critical Patch Update. ## Vulnerability Details **Advisory CVEs: ** **CVEID:** [_CVE-2018-2768_](<https://vulners.com/cve/CVE-2018-2768>) **DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. CVSS Base Score: 7.1 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141924_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141924>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L) **CVEID:** [_CVE-2018-2801_](<https://vulners.com/cve/CVE-2018-2801>) **DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Image Export SDK component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. CVSS Base Score: 7.1 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141957>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L) **CVEID:** [_CVE-2018-2806_](<https://vulners.com/cve/CVE-2018-2806>) **DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. CVSS Base Score: 7.1 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141962_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141962>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L) ## Affected Products and Versions FileNet Content Manager 5.2.1, 5.5.0 IBM Content Foundation 5.2.1, 5.5.0 ## Remediation/Fixes To resolve these vulnerabilities, install one of the patch sets listed below to upgrade Oracle Outside In Technology (OIT) to the April 2018 v8.5.3 patch 27695571 release. **Product** | **VRMF** | **APAR** | **Remediation/First Fix** ---|---|---|--- FileNet Content Manager | 5.2.1 5.5.0 | [_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) [_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) [_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) [_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) | [_5.2.1.7-P8CPE-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.7&platform=All&function=all>) \- 5/24/2018 [_5.2.1.7-P8CSS-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Search+Services&release=5.2.1.7&platform=All&function=all>) \- 5/24/2018 5.5.1.0-P8CPE - 6/28/2018 5.5.1.0-P8CSS - 6/28/2018 IBM Content Foundation | 5.2.1 5.5.0 | [_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) [_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) [_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) [_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) | [_5.2.1.7-P8CPE-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.7&platform=All&function=all>) \- 5/24/2018 [_5.2.1.7-P8CSS-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Search+Services&release=5.2.1.7&platform=All&function=all>) \- 5/24/2018 5.5.1.0-P8CPE - 6/28/2018 5.5.1.0-P8CSS - 6/28/2018 In the above table, the APAR links will provide more information about the fix. ## Workarounds and Mitigations None ##


Affected Software


CPE Name Name Version
filenet content manager 5.5.0
filenet content manager 5.2.1
filenet content manager 5.5.0
filenet content manager 5.2.1
ibm content foundation 5.5.0
ibm content foundation 5.2.1
ibm content foundation 5.5.1
ibm content foundation 5.2.1

Related