Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

Security Bulletin: Security vulnerability in IBM Java Object Request Broker (ORB) in FileNet Content Manager

Summary Security vulnerability in IBM Java Object Request Broker ORB in FileNet Content Manager, affected and vulnerable Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: IBM Java Runtime (JRE) security vulnerabilities CVE-2022-21426 in FileNet Content Manager

Summary IBM Java Runtime JRE security vulnerabilities CVE-2022-21426 in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause ...

Security Bulletin: IBM Java Runtime (JRE) security vulnerabilities CVE-2023-21830, CVE-2023-21843 in FileNet Content Manager

Summary Security Bulletin: IBM Java Runtime JRE security vulnerabilities CVE-2023-21830, CVE-2023-21843 in FileNet Content Manager, affected, but not vulnerable Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component...

Security Bulletin: Oracle Outside In Technology (OIT) Security Vulnerabilities

Summary Oracle Outside In Technology OIT Security Vulnerabilities resolved in January 2023 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-27404 DESCRIPTION: FreeType is vulnerable to a buffer overflow, caused by improper bounds checking in sfntinitface function. By persuading a victi...

Security Bulletin: Oracle Outside In Technology (OIT) Security Vulnerabilities

Summary Oracle Outside In Technology OIT Security Vulnerabilities resolved in January 2023 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-27404 DESCRIPTION: FreeType is vulnerable to a buffer overflow, caused by improper bounds checking in sfntinitface function. By persuading a victi...

Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable

Summary Security vulnerability in FileNet Content Manager FNCM FileNet Content Search Services CSS ThoughtWorks XStream, affected, not vulnerable. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...

Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable

Summary Security vulnerability in FileNet Content Manager FNCM FileNet Content Search Services CSS ThoughtWorks XStream, affected, not vulnerable. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...

Security Bulletin: FileNet Content Manager GraphQL jackson-databind security vulnerabilities, affected but not vulnerable

Summary FileNet Content Manager GraphQL jackson-databind security vulnerabilities CVE-2022-42003 and CVE-2022-42004, affected but not vulnerable Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in...

Security Bulletin: FileNet Content Manager (FNCM) has multiple IBM Java security vulnerabilities

Summary FileNet Content Manager FNCM has multiple IBM Java security vulnerabilities in Content Platform Engine CPE. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection (CVE-2022-34165) in FileNet Content Manager containers

Summary IBM WebSphere Application Server is vulnerable to HTTP header injection when processing web requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|---...

Security Bulletin: GraphQL Denial of Service security vulnerability CVE-2022-37734

Summary GraphQL has a Denial of Service security vulnerability CVE-2022-37734 in GraphQL-java Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request usin...

Security Bulletin: Security Vulnerability in Apache Tika used by Content Collector for Email in Content Search Services container (affected, not vulnerable)

Summary In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a...

Security Bulletin: A security vulnerability in FileNet Content Management Interoperability Services (CMIS) might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2018-1364)

Summary An XML external entity security vulnerability has been reported for FileNet Content Management Interoperability Services CMIS shipped with IBM Business Automation Workflow and IBM BPM. Vulnerability Details CVEID: CVE-2018-1364 DESCRIPTION: IBM Content Navigator 2.0 and 3.0 is vulnerable ...

Security Bulletin: Multiple security vulnerabilities with IBM FileNet Content Manager component in IBM Business Automation Workflow -CVE-2021-31811, CVE-2021-31812, CVE-2021-23926, CVE-2021-38965

Summary The embedded IBM FileNet Content Manager component, that is shipped with IBM Business Automation Workflow is vulnerable to multiple vulnerabilities. Vulnerability Details CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote...

Vulnerability fixed in IBM FileNet Content Manager

A vulnerability has been fixed in IBM FileNet Content Manager. The vulnerability allows a remote malicious person to execute arbitrary code. IBM has released updates to fix the vulnerability. More information can be found on the page below: https://www.ibm.com/support/pages/node/6509840...

IBM FileNet Content Manager Command Injection Vulnerability

IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM of America. The solution combines document management with ready-to-use workflow tools to manage images, videos, Web content, compliance documents, etc. IBM FileNet Content Manager in versions 5.5.4,...

IBM FileNet Content Manager 操作系统命令注入漏洞

IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM of America. The solution combines document management with ready-to-use workflow tools to manage images, videos, Web content, compliance documents, etc. IBM FileNet Content Manager in versions 5.5.4,...

Security Bulletin: IBM FileNet Content Manager Operating System command injection security vulnerability

Summary FileNet Content Manager component Administration Console for Content Platform Engine ACCE user Operating System command injection security vulnerability Vulnerability Details CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager could allow a remote authenticated attacker to...

Security Bulletin: Apache commons-compress security vulnerabilities in IBM Content Manager

Summary Apache commons-compress security vulnerabilities in IBM Content Navigator ICN toolkit affecting Administration Console for Content Platform Engine ACCE Vulnerability Details CVEID: CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...