Jan 29, 2024 - 7:20 p.m.

Security Bulletin: Content Manager Enterprise Edition and use of Oracle Outside In Technology Security Vulnerability (CVE-2013-5791, CVE-2013-5763)

2024-01-29 19:20:06
www.ibm.com

CVSS2: 1.5
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P

AI Score: 6.1
Confidence: Low

EPSS: 0.284
Percentile: 96.9%

Summary

Oracle Outside In Technology has security vulnerabilities that may be exposed through its use in Content Manager Enterprise Edition.

Vulnerability Details

CVEID:CVE-2013-5791
DESCRIPTION:
Content Manager Enterprise Edition bundles some of the tools provided by Oracle Outside In Technology. The Oracle Outside In Microsoft Access 1.x database file parser is vulnerable to a stack-based buffer overflow.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87925 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID:CVE-2013-5763
DESCRIPTION:
Content Manager Enterprise Edition bundles some of the tools provided by Oracle Outside In Technology. Oracle Outside In Technology has additional security vulnerabilities which are fixed within the patch referred to below.

CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88557 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

CM 8.4.3
CM 8.5

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
Content Manager Enterprise Edition | 8.4.3 | | Upgrade to V8.4.3 FP4 or Higher
Content Manager Enterprise Edition | 8.5 | | Upgrade to V8.5 FP1 or Higher

Workarounds and Mitigations

None

Affected configurations

Node: ibm content_manager 8.5 (enterprise) OR ibm content_manager 8.4.3 (enterprise)

Vendor | Product | Version | CPE
---|---|---|---
ibm | content_manager | 8.5 | cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*
ibm | content_manager | 8.4.3 | cpe:2.3:a:ibm:content_manager:8.4.3:*:*:*:*:enterprise:*:*
