Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, and IBM® Runtime Environment Java™ Version 6, 7 in IBM FileNet Content Manager, and IBM Content Foundation

Summary Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, and IBM® Runtime Environment Java™ Version 6, 7 in IBM FileNet Content Manager, and IBM Content Foundation. Resolved by using the IBM Runtime Environment Java October 2016 Critical Patch Update...

Security Bulletin: Vulnerabilies (17 total) in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation

Summary Security vulnerabilities exist in Oracle Outside In Technology OIT which affect IBM FileNet Content Manager and IBM Content Foundation. Vulnerability Details Advisory CVEs: CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580,...

Security Bulletin: Vulnerability in Apache Tomcat Commons FileUpload affect FileNet Content Manager, and IBM Content Foundation (CVE-2016-3092)

Summary Security vulnerabilitiy exists in IBM FileNet Content Manager and IBM Content Foundation in Apache PDFBox. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...

Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182)

Summary Security vulnerabilitiy exists in IBM FileNet Content Manager and IBM Content Foundation in Apache Struts. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against...

Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175)

Summary Security vulnerabilitiy exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content Foundation. Vulnerability Details CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external...

Security Bulletin: Vulnerability in Oracle Outside In Technology (OIT) affects FileNet Content Manager and IBM Content Foundation (CVE-2016-3455)

Summary Security vulnerabilitiy exists in in Oracle Outside In Technology OIT which affects the IBM FileNet Content Manager and IBM Content Foundation products. Vulnerability Details CVE-ID: CVE-2016-3455 Description: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside...

Security Bulletin: Installer vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation, and FileNet BPM (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

Security Bulletin: Java specific SLOTH - Weak MD5 Signature Hash

Summary There is vulnerability in IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, and 8, that are used by FileNet Content Manager, IBM Content Foundation and FileNet BPM. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerabilit...

Security Bulletin: Multiple vulnerabilities exist with Oracle Outside In Technology (OIT) in IBM FileNet Content Manager and IBM Content Foundation.

Summary Five security vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation. See the individual description for the details. Vulnerability Details CVEID: CVE-2015-4808 DESCRIPTION: An unspecified vulnerability in the Oracle Outside In Technology Outside In Filters...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-7575, CVE-2016-0475, CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, and 8, that are used by FileNet Content Manager, IBM Content Foundation and FileNet BPM. These issues were disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability...

Security Bulletin: Vulnerability in Apache Commons (CVE-2015-7450), affects FileNet Content Manager and IBM Content Foundation

Summary An Apache Commons Collections vulnerability for handling Java object deserialization is addressed in the FileNet Content Manager and IBM Content Foundation products. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute...

Security Bulletin: Four vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation (CVE-2015-4809, CVE-2015-4811, CVE-2015-4877, CVE-2015-4878)

Summary There are four security vulnerabilities in the Oracle Outside In Technology OIT software used in the IBM FileNet Content Manager and IBM Content Foundation products. See the individual descriptions below for details. These issues are addressed in the OIT October 2015 Critical Patch Update...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime Environment (JRE) affect the FileNet Content Manager, IBM Content Foundation and FileNet BPM products (CVE-2015-4872, CVE-2015-5006, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803)

Summary There are multiple vulnerabilities in the IBM Runtime Environment Java Technology Edition used by the FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager products. These issues are addressed in Version 1.6.0 SR16 FP15, Version 1.7.0 SR9 FP20, and Java 1.8....

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)

Summary There are multiple vulnerabilities in the IBM Runtime Environment Java Technology Edition used in the FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager products. These issues are addressed in Version 1.6.0 SR16 FP7, Version 1.7.0 SR9 FP10, and 1.8.0 SR1...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916)

Summary There are multiple vulnerabilities in the IBM Runtime Environment Java Technology Edition used by FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager. These issues are addressed in Version 1.6.0 SR16 FP4 which is part of the IBM Java SDK April 2015 update...

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-1888)

Summary IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2015-1888 IBM Content Navigator is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user...

Security Bulletin: Three vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM (CVE-2014-6593, CVE-2015-0410, and CVE-20150-0383)

Summary Three security vulnerabilities exist in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM. See the individual description for the details. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to th...

Security Bulletin: IBM Content Navigator affected by reflected cross-site scripting issue <CVE-2014-8911>

Summary Reflected cross-site scripting issue using the "Accept-Language" header parameter affects IBM Content Navigator. Vulnerability Details CVEID: CVE-2014-8911 DESCRIPTION: IBM Content Navigator is vulnerable to reflected cross-site scripting, caused by improper validation of user supplied...

Security Bulletin: Vulnerability in SSLv3 affects IBM Content Navigator (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in the Knowledge Center for IBM Content Navigator V2.0.3. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...