Lucene search

K
ibmIBM9B9B9FD01B5FB8FEA4CC80B41510A56EBED97ABF5CDB699BBD391F5D43E303BF
HistoryAug 12, 2020 - 10:57 p.m.

Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager

2020-08-1222:57:14
www.ibm.com
31
oracle oit
ibm filenet
outside in technology
oracle fusion middleware
vulnerabilities
cve-2018-18224
cve-2018-3227
cve-2018-3226
cve-2018-3218
cve-2018-3229
cve-2018-3217
cve-2018-3228
confidentiality impact
integrity impact
availability impact

EPSS

0.187

Percentile

96.3%

Summary

Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager. Oracle OIT issues disclosed in the Oracle October 2018 Critical Patch Update.

Vulnerability Details

CVEID: CVE-2018-18224 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters (ODA Module) component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151427&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3227 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151542&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3226 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151541&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3218 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151533&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

CVEID: CVE-2018-3229 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151544&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3217 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151532&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

CVEID: CVE-2018-3228 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151543&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3219 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151534&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)

CVEID: CVE-2018-3230 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151545&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3232 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151547&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3221 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151536&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3231 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151546&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3220 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151535&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)

CVEID: CVE-2018-3223 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151538&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3234 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151549&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3233 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151548&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3222 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151537&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3225 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151540&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3302 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151614&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3224 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151539&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

CVEID: CVE-2018-3147 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151463&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-18223 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters (ODA Module) component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151426&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

Affected Products and Versions

FileNet Content Manager 5.2.1, 5.5.0, 5.5.1, 5.5.2

Remediation/Fixes

To resolve these vulnerabilities, install one of the patch sets listed below to upgrade Oracle Outside In Technology (OIT) to the July 2018 v8.5.3 patch 28760615 release.

Product VRMF APAR Remediation/First Fix
FileNet Content Manager

5.2.1

5.5.0

5.5.1

5.5.2

| PJ45551
PJ45551

PJ45552
PJ45552

PJ45551
PJ45552
PJ45551
[

PJ45552

](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45552&gt;) PJ45551
PJ45551

PJ45552
PJ45552
|

5.2.1.7-P8CPE-ALL-LA015 - 1/18/2019
5.2.1.7-P8CPE-IF005 - 2/13/2019
5.2.1.7-P8CSS-ALL-LA004 - 1/18/2019
5.2.1.7-P8CSS-IF005 - 2/13/2019
5.5.0.0-P8CPE-ALL-LA004 - 1/18/2019
5.5.0.0-P8CSS-ALL-LA002 - 1/18/2019
5.5.1.0-P8CPE-IF002 - 1/15/2019
5.5.1.0-P8CSS-IF002 - 1/15/2019
5.5.2.0-P8CPE-ALL-LA003 - 1/18/2019
5.5.2.0-P8CPE-IF001 - 3/13/2019
5.5.2.0-P8CSS-ALL-LA001 - 1/18/2019
5.5.2.0-P8CSS-IF001 - 3/13/2019

In the above table, the APAR links will provide more information about the fix.
Contact IBM support for access to the Limited Availability (LA) fixes.

Workarounds and Mitigations

None

EPSS

0.187

Percentile

96.3%

Related for 9B9B9FD01B5FB8FEA4CC80B41510A56EBED97ABF5CDB699BBD391F5D43E303BF