CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

IBM FileNet Content Manager has addressed the following security vulnerability.
Apache PDFBox is vulnerable to a denial of service, caused by an out of memory exception in AFMParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
For more information please refer to the X-Force database entries referenced below.
CVEID: CVE-2018-8036
DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an out of memory exception in AFMParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145592> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
IBM FileNet Content Manager 5.2.1, 5.5.0, 5.5.1
To address this vulnerability install one of the fixes listed below to upgrade to Apache PDFBox 1.8.15 or higher.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.2.1 | PJ45440<br>PJ45441 | 5.2.1.7-P8CPE-IF004 - 10/8/2018<br>5.2.1.7-P8CSS-IF004 - 10/8/2018 |
FileNet Content Manager | 5.5.0 | PJ45440<br>PJ45441 | 5.5.0.0-P8CPE-IF003 - 12/18/2018<br>5.5.0.0-P8CSS-IF003 - 12/18/2018 |
FileNet Content Manager | 5.5.1 | PJ45440<br>PJ45441 | 5.5.1.0-P8CPE-IF001 - 8/24/2018<br>5.5.1.0-P8CSS-IF002 - 1/15/2019 |

In the above table, the APAR links provide more information about the fix.
None
CPE

Name | Operator | Version |
---|---|---|
filenet content manager | eq | 5.2.1 |
filenet content manager | eq | 5.5.0 |
filenet content manager | eq | 5.5.1 |