Feb 29, 2024 - 2:15 a.m.

Security Bulletin: FileNet Content Manager (FNCM) Content Platform Engine (CPE) user may gain authorization privileges of another user in specific cases

2024-02-29 02:15:19
www.ibm.com
filenet content manager
user privileges
vulnerability
patch installation

CVSS3: 6.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

FileNet Content Manager (FNCM) Content Platform Engine (CPE) user may gain authorization privileges of another user in specific cases

Vulnerability Details

CVEID: CVE-2023-47716
**DESCRIPTION:** IBM CP4BA - Filenet Content Manager Component could allow a user to gain the privileges of another user under unusual circumstances.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| FileNet Content Manager | 5.5.10.0 |
| FileNet Content Manager | 5.5.11.0 |
| FileNet Content Manager | 5.5.8.0 |
| CP4BA - Filenet Content Manager | 21.0.3 |
| CP4BA - Filenet Content Manager | 23.0.1 |

Remediation/Fixes

To resolve these vulnerabilities, install one of the patch sets listed below.

| Product | VRMF | APAR | Remediation/First Fix |
| --- | --- | --- | --- |
| FileNet Content Manager | 5.5.8.0 | PJ47208 | 5.5.8.0-P8CPE-IF006 - 2/28/2024 |
| FileNet Content Manager | 5.5.10.0 | PJ47208 | 5.5.10.0-P8CPE-IF002 - 1/26/2024 |
| FileNet Content Manager | 5.5.11.0 | PJ47208 | 5.5.11.0-P8CPE-IF002 - 7/26/2024 |
| CP4BA - Filenet Content Manager | 21.0.3 | PJ47208 | CP4BA-21.0.3-IF28 - 12/27/2023 |
| CP4BA - Filenet Content Manager | 23.0.1 | PJ47208 | CP4BA-23.0.1-IF6 - 12/27/2023 |

In the above table, the APAR links will provide more information about the fix.

Workarounds and Mitigations

None

Affected configurations

Vulners node (entries are combined with OR):

| Vendor | Product | Match |
| --- | --- | --- |
| ibm | filenet_content_manager | 5.5.4 |
| ibm | filenet_content_manager | 5.5.6 |
| ibm | filenet_content_manager | 5.5.7 |
| ibm | filenet_content_manager | 5.5.8 |
| ibm | filenet_content_manager | 5.5.9 |
| ibm | filenet_content_manager | 5.5.10 |
| ibm | filenet_content_manager | 5.5.11 |
