Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation.
Oracle OIT issues disclosed in the Oracle January 2017 Critical Patch Update.
Advisory CVEs:
CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295
CVEID: CVE-2017-3266**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120673 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3267**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120674 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3268**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120675 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3269**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120676 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3270**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120677 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3271**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120678 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3293**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3294**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120680 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2017-3295**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120681 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
FileNet Content Manager 5.1.0, 5.2.1
IBM Content Foundation 5.2.1
To resolve these vulnerabilities, install one of the fixes listed below to upgrade the Oracle Outside In Technology (OIT) to January 2017 v8.5.3 patch 25456339 and higher release.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.1.0 |
5.2.1| PJ44602
PJ44604
PJ44603
PJ44605| 5.1.0.7-P8CPE-FP007 - 8/11/2017
5.1.0.0-P8CSS-IF017 - 8/11/2017
5.2.1.7-P8CPE-FP007 - 6/26/2017
5.2.1.7-P8CSS-FP007 - 6/26/2017
IBM Content Foundation| 5.2.1| PJ44603
PJ44605| 5.2.1.7-P8CPE-FP007 - 6/26/2017
5.2.1.7-P8CSS-FP007 - 6/26/2017
In the above table, the APAR links will provide more information about the fix
None