Cross Site Scripting security vulnerabilities in FileNet Content Manager in Administration Console for Content Platform Engine (ACCE)
CVEID:CVE-2020-4447
**DESCRIPTION:**IBM FileNet Content Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
FileNet Content Manager | 5.5.3 |
FileNet Content Manager | 5.5.4 |
To address this vulnerability, install one of the below releases:
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.5.3 | ||
5.5.4 | PJ46144 | ||
PJ46144 | 5.5.3.0-P8CPE-IF003 - 7/16/2020 | ||
5.5.4.0-P8CPE-IF002 - 7/21/2020 |
In the above table, the APAR links will provide more information about the fix.
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
None
CPE | Name | Operator | Version |
---|---|---|---|
filenet content manager | eq | 5.5.3 | |
filenet content manager | eq | 5.5.4 |