5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Security vulnerability may affect Apache HttpClient used by IBM FileNet Content Manager.
CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79984> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM Content Manager 5.2.1, 5.5.0, 5.5.1
To resolve these vulnerabilities, install one of the releases below.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager |
5.2.1
5.5.0
5.5.1
|
| 5.2.1.7-P8CPE-IF004 - 10/8/2018
5.5.0.0-P8CPE-IF003 - 12/14/2018
5.5.1.0-P8CPE-IF002 - 1/15/2019
| | |
In the above table, the APAR links will provide more information about the fix.
None
CPE | Name | Operator | Version |
---|---|---|---|
filenet content manager | eq | 5.2.1 | |
filenet content manager | eq | 5.5.0 | |
filenet content manager | eq | 5.5.1 |