Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM80EAAC421E653F082640F7F71EAAFE4802054B4A516EEA124D07CB8775C465F9
HistoryJun 17, 2018 - 12:17 p.m.

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation

2018-06-1712:17:45
www.ibm.com
15

EPSS

0.007

Percentile

80.5%

JSON

Summary

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation.
Oracle OIT issues disclosed in the Oracle January 2017 Critical Patch Update.

Vulnerability Details

Advisory CVEs:
CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295

CVEID: CVE-2017-3266**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120673 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3267**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120674 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3268**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120675 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3269**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120676 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3270**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120677 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3271**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120678 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3293**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3294**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120680 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2017-3295**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120681 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

FileNet Content Manager 5.1.0, 5.2.1
IBM Content Foundation 5.2.1

Remediation/Fixes

To resolve these vulnerabilities, install one of the fixes listed below to upgrade the Oracle Outside In Technology (OIT) to January 2017 v8.5.3 patch 25456339 and higher release.

Product VRMF APAR Remediation/First Fix
FileNet Content Manager 5.1.0

5.2.1| PJ44602
PJ44604
PJ44603
PJ44605| 5.1.0.7-P8CPE-FP007 - 8/11/2017
5.1.0.0-P8CSS-IF017 - 8/11/2017
5.2.1.7-P8CPE-FP007 - 6/26/2017
5.2.1.7-P8CSS-FP007 - 6/26/2017
IBM Content Foundation| 5.2.1| PJ44603
PJ44605| 5.2.1.7-P8CPE-FP007 - 6/26/2017
5.2.1.7-P8CSS-FP007 - 6/26/2017

In the above table, the APAR links will provide more information about the fix

Workarounds and Mitigations

None

Related

ibm 1
nessus 1
cvelist 9
cve 9
nvd 9
prion 9
seebug 2
checkpoint_advisories 1
talos 2
oracle 1
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation
2018-06-17 05:19:06
nessus
nessus
IBM WebSphere Portal 8.5.0 < 8.5.0 CF14 / 9.0.0 < 9.0.0 CF14 Multiple Vulnerabilities
2017-07-03 00:00:00
cvelist
cvelist
CVE-2017-3270
2017-01-27 22:01:00
CVE-2017-3271
2017-01-27 22:01:00
CVE-2017-3267
2017-01-27 22:01:00
cve
cve
CVE-2017-3270
2017-01-27 22:59:03
CVE-2017-3267
2017-01-27 22:59:03
CVE-2017-3295
2017-01-27 22:59:04
nvd
nvd
CVE-2017-3293
2017-01-27 22:59:03
CVE-2017-3270
2017-01-27 22:59:03
CVE-2017-3267
2017-01-27 22:59:03
prion
prion
Buffer overflow
2017-01-27 22:59:00
Buffer overflow
2017-01-27 22:59:00
Buffer overflow
2017-01-27 22:59:00
seebug
seebug
Oracle Outside In Technology PDF parser confusion Code Execution Vulnerability(CVE-2017-3271)
2017-09-26 00:00:00
Oracle Outside In Technology RTF Parsing Code Execution Vulnerability(CVE-2017-3293)
2017-09-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle OIT PDF Parser Code Execution (CVE-2017-3271)
2017-02-22 00:00:00
talos
talos
Oracle Outside In Technology PDF parser confusion Code Execution Vulnerability
2017-01-17 00:00:00
Oracle Outside In Technology RTF Parsing Code Execution Vulnerability
2017-01-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2017
2017-01-17 00:00:00

EPSS

0.007

Percentile

80.5%

JSON
Related for 80EAAC421E653F082640F7F71EAAFE4802054B4A516EEA124D07CB8775C465F9
ibm1nessus1cvelist9cve9nvd9prion9seebug2checkpoint_advisories1talos2oracle1