Administration Console for Content Platform Engine (ACCE) CSV Injection Security vulnerability exists in FileNet Content Manager
CVEID:CVE-2020-4759
**DESCRIPTION:**IBM FileNet Content Manager is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
FileNet Content Manager | 5.5.4 |
FileNet Content Manager | 5.5.5 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
FileNet Content Manager | 5.5.4 | ||
5.5.5 | PJ46215 | ||
PJ46215 | 5.5.4.0-P8CPE-IF003 - 11/4/2020 | ||
5.5.5.0-P8CPE-IF002 - 9/25/2020 |
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
None
CPE | Name | Operator | Version |
---|---|---|---|
filenet content manager | eq | 5.5.4 | |
filenet content manager | eq | 5.5.5 |