IBMA8E6678801B0B27419CFA68CCE92A219CAED32FF4D70367EB9E5D5E0E0F1DECBSecurity Bulletin: Four vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation (CVE-2015-4809, CVE-2015-4811, CVE-2015-4877, CVE-2015-4878)
1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:N/A:P
Summary
There are four security vulnerabilities in the Oracle Outside In Technology (OIT) software used in the IBM FileNet Content Manager and IBM Content Foundation products. See the individual descriptions below for details. These issues are addressed in the OIT October 2015 Critical Patch Update (OIT 8.5.2 p21494657).
Vulnerability Details
CVEID: CVE-2015-4809 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In PDF Export SDK component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107303 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-4811 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In PDF Export SDK component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107304 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-4877 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107301 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-4878 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107302 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)
Affected Products and Versions
FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1
Remediation/Fixes
Install the OIT October 2015 Critical Patch Update which is provided in the following releases in the table below.
| Product | VRMF | APAR | Remediation/First Fix Available |
|---|---|---|---|
| FileNet Content Manager | 5.1.0 |
5.2.0
5.2.1| PJ43705
PJ43707
PJ43703
PJ43706
PJ43703
PJ43706| 5.1.0.6-P8CE-IF002 - 4/13/2016
5.1.0.0-P8CSS-IF016 - 4/13/2016
5.2.0.4-P8CPE-IF004 - 4/13/2016
5.2.0.4-P8CSS-IF002 - 4/13/2016
5.2.1.3-P8CPE-FP003 - 12/4/2015
5.2.1.3-P8CSS-FP003 - 12/4/2015
IBM Content Foundation| 5.2.0
5.2.1| PJ43703
PJ43706
PJ43703
PJ43706| 5.2.0.4-P8CPE-IF004 - 4/13/2016
5.2.0.4-P8CSS-IF002 - 4/13/2016
5.2.1.3-P8CPE-FP003 - 12/4/2015
5.2.1.3-P8CSS-FP003 - 12/4/2015
Releases available from Fix Central: <http://www.ibm.com/support/fixcentral/>
Workarounds and Mitigations
None
Related
1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:N/A:P