6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
FileNet Content Manager (FNCM) Content Platform Engine (CPE) user may gain authorization privileges of another user in specific cases
CVEID:CVE-2023-47716
**DESCRIPTION:**IBM CP4BA - Filenet Content Manager Component could allow a user to gain the privileges of another user under unusual circumstances.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
FileNet Content Manager | 5.5.10.0 |
FileNet Content Manager | 5.5.11.0 |
FileNet Content Manager | 5.5.8.0 |
CP4BA - Filenet Content Manager | 21.0.3 |
CP4BA - Filenet Content Manager | 23.0.1 |
To resolve these vulnerabilities, install one of the patch sets listed below.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.5.8.0 | PJ47208 | 5.5.8.0-P8CPE-IF006 - 2/28/2024 |
FileNet Content Manager | 5.5.10.0 | PJ47208 | 5.5.10.0-P8CPE-IF002 - 1/26/2024 |
FileNet Content Manager | 5.5.11.0 | PJ47208 | 5.5.11.0-P8CPE-IF002 - 7/26/2024 |
CP4BA - Filenet Content Manager | 21.0.3 | PJ47208 | CP4BA-21.0.3-IF28 - 12/27/2023 |
CP4BA - Filenet Content Manager | 23.0.1 | PJ47208 | CP4BA-23.0.1-IF6 - 12/27/2023 |
In the above table, the APAR links will provide more information about the fix.
None
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%