CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS percentile: 82.2%
Security vulnerability in FileNet Content Manager (FNCM) FileNet Content Search Services (CSS), ThoughtWorks XStream: affected, not vulnerable.
CVEID: CVE-2022-40151
**DESCRIPTION:** XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending specially crafted XML data, a remote authenticated attacker could exploit this vulnerability to cause the parser to crash, resulting in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236354 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
FileNet Content Manager | 5.5.4.0 |
FileNet Content Manager | 5.5.8.0 |
FileNet Content Manager | 5.5.9.0 |
FileNet Content Manager | 5.5.10.0 |
Fixed in ThoughtWorks XStream v1.4.20, released December 24, 2022.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.5.4.0 | PJ46975 | 5.5.4.0-P8CSS-IF010 - 6/27/2023 |
FileNet Content Manager | 5.5.8.0 | PJ46975 | 5.5.8.0-P8CSS-IF004 - 2/30/2023 |
FileNet Content Manager | 5.5.9.0 | PJ46975 | 5.5.9.0-P8CSS-IF002 - 3/15/2023 |
FileNet Content Manager | 5.5.10.0 | PJ46975 | 5.5.10.0-P8CSS-IF001 - 4/30/2023 |
In the above table, the APAR links will provide more information about the fix.
None