Lucene search

K
ibmIBMFFB252F46C3FEDB944C9F746BBC4098B086D4A11C74B4F43E1E248FA2B69C902
HistoryJan 09, 2019 - 10:50 p.m.

Security Bulletin: IBM FileNet Content Manager component FileNet Deployment Manager security vulnerability

2019-01-0922:50:01
www.ibm.com
8

0.001 Low

EPSS

Percentile

41.8%

Summary

FileNet Deployment Manager external DTD security vulnerability.

Vulnerability Details

CVEID: CVE-2018-1844 DESCRIPTION: IBM Case Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150904&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

FileNet Content Manager 5.2.1, 5.5.0

Remediation/Fixes

To resolve these vulnerabilities, install one of the releases listed below.

Product VRMF APAR Remediation/First Fix
FileNet Content Manager

5.2.1
5.5.0

| PJ45146
PJ45146 |

5.2.1.7-P8CPE-IF004 - 10/8/2018
5.5.0.0-P8CPE-IF003 - 12/18/2018

In the above table, the APAR links will provide more information about the fix.

Workarounds and Mitigations

Do not run FileNet Deployment Manager or upgrade to 5.2.1.7-P8CPE-IF004 or 5.5.0.0-P8CPE-IF003.

0.001 Low

EPSS

Percentile

41.8%

Related for FFB252F46C3FEDB944C9F746BBC4098B086D4A11C74B4F43E1E248FA2B69C902