Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF81F308961E7EEB01464891902FC7FA6272BD8C5CA582F2D7075C375ADB9E4B3
HistoryJun 17, 2018 - 12:16 p.m.

Security Bulletin: Vulnerabilies (17 total) in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation

2018-06-1712:16:38
www.ibm.com
8

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:C/I:P/A:P

JSON

Summary

Security vulnerabilities exist in Oracle Outside In Technology (OIT) which affect IBM FileNet Content Manager and IBM Content Foundation.

Vulnerability Details

Advisory CVEs:
CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596

CVEID: CVE-2016-3574**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115143 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3575**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115144 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3576**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3577**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3578**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115147 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3579**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115148 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3580**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115149 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3581**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115150 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3582**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3583**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115152 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3590**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3591**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115154 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3592**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115155 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3593**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115156 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3594**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115157 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3595**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115158 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

CVEID: CVE-2016-3596**
DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component has high confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1

Remediation/Fixes

To address these vulnerabilities, install one of the fixes listed below to upgrade the Oracle Outside In Technology (OIT) to July 2016 8.5.2 patch 23558243 and higher release.

Product VRMF APAR Remediation/First Fix
FileNet Content Manager 5.1.0

5.2.0

5.2.1| PJ44330
PJ44332
PJ44331
PJ44333
PJ44331
PJ44333| 5.1.0.7-P8CPE-FP007 - 8/11/2017
5.1.0.0-P8CSS-IF017 - 8/11/2017
5.2.0.5-P8CPE-IF002 - 1/19/2017
5.2.0.5-P8CSS-IF001 - 1/19/2017
5.2.1.6-P8CPE-FP006 - 12/19/2016
5.2.1.6-P8CSS-FP006 - 12/19/2016
IBM Content Foundation| 5.2.0

5.2.1| PJ44331
PJ44333
PJ44331
PJ44333| 5.2.0.5-P8CPE-IF002 - 1/19/2017
5.2.0.5-P8CSS-IF001 - 1/19/2017
5.2.1.6-P8CPE-FP006 - 12/19/2016
5.2.1.6-P8CSS-FP006 - 12/19/2016

In the above table, the APAR links will provide more information about the fix.

Workarounds and Mitigations

None

Related

prion 17
ibm 2
cve 17
mscve 1
nessus 1
talos 17
seebug 17
checkpoint_advisories 1
oracle 1
prion
prion
Design/Logic Flaw
2016-07-21 10:14:00
Design/Logic Flaw
2016-07-21 10:14:00
Design/Logic Flaw
2016-07-21 10:14:00
ibm
ibm
Security Bulletin: Multiple Oracle Outside In Technology (OIT) July 2016 CPU in IBM Content Collector for Email
2018-06-17 12:17:03
Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2016-3574, CVE-2016-3575, etc)
2018-06-17 05:15:44
cve
cve
CVE-2016-3574
2016-07-21 10:14:00
CVE-2016-3580
2016-07-21 10:14:00
CVE-2016-3578
2016-07-21 10:14:00
mscve
mscve
Oracle Outside In Vulnerabilities
2016-09-13 07:00:00
nessus
nessus
MS16-108: Security Update for Microsoft Exchange Server (3185883)
2016-09-13 00:00:00
talos
talos
Oracle OIT IX SDK libvs_pdf arbitrary pointer access
2016-07-19 00:00:00
Oracle OIT IX SDK TIFF file parsing heap buffer overflow
2016-07-19 00:00:00
Oracle OIT ContentAccess libvs_word Denial of Service Vulnerability
2016-07-19 00:00:00
seebug
seebug
Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability(CVE-2016-3596)
2017-10-16 00:00:00
Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerabiity(CVE-2016-3583)
2017-10-16 00:00:00
Oracle OIT IX SDK TIFF file parsing heap buffer overflow(CVE-2016-3582)
2017-10-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Fusion Middleware OiT Component Multiple Vulnerabilities (CVE-2016-3593)
2020-12-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:C/I:P/A:P

JSON
Related for F81F308961E7EEB01464891902FC7FA6272BD8C5CA582F2D7075C375ADB9E4B3
prion17ibm2cve17mscve1nessus1talos17seebug17checkpoint_advisories1oracle1