History: Oct 11, 2023 - 6:57 p.m.

Security Bulletin: Cross Site Scripting (XSS) CVE-2023-35905 security vulnerability in FileNet Content Manager FileNet DetailedStatus

2023-10-11 18:57:53
www.ibm.com

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.0004 Low
Percentile: 13.2%

Summary

Cross Site Scripting (XSS) CVE-2023-35905 security vulnerability in FileNet Content Manager FileNet DetailedStatus parameter name

Vulnerability Details

CVEID: CVE-2023-35905
**DESCRIPTION:** IBM FileNet Content Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259384 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
FileNet Content Manager 5.5.10 5.5.8.0
FileNet Content Manager 5.5.10.0
FileNet Content Manager 5.5.11.0

Remediation/Fixes

To resolve these vulnerabilities, install one of the patch sets listed below.

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FileNet Content Manager | 5.5.8.0 | PJ47094 | 5.5.8.0-P8CPE-IF005 - 8/30/2023 |
| FileNet Content Manager | 5.5.10.0 | PJ47094 | 5.5.10.0-P8CPE-IF002 - 7/28/2023 |
| FileNet Content Manager | 5.5.11.0 | PJ47094 | 5.5.11.0-P8CPE-IF001 - 9/27/2023 |

In the above table, the APAR links will provide more information about the fix.

Workarounds and Mitigations

None

Affected configurations

Vulners Node:
ibm filenet_content_manager Match 5.5.8
OR
ibm filenet_content_manager Match 5.5.10
OR
ibm filenet_content_manager Match 5.5.11
