IBM Content Foundation on Cloud contains a IBM WebSphere Application Server Network Deployment security vulnerability
CVEID:CVE-2020-4163
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Content Foundation on Cloud | 5.5.3 |
5.5.4 |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Content Foundation on Cloud | 5.5.3 | ||
5.5.4 | PJ46065 | ||
PJ46065 | 5.5.3.0-P8CPE-Container-IF003 - 7/16/2020 | ||
5.5.4.0-P8CPE-Container-IF001 - 3/27/2020 |
Resolved by updating WebSphere Interim Fix PH19528 or Fix Pack 20.0.0.2 or later.
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
Resolved by updating WebSphere Interim Fix PH19528 or Fix Pack 20.0.0.2 or later.
CPE | Name | Operator | Version |
---|---|---|---|
filenet content manager | eq | 5.5.3 | |
filenet content manager | eq | 5.5.4 |