178 matches found
Security Bulletin: IBM Content Navigator affected by reflected cross-site scripting issue <CVE-2014-8911>
Summary Reflected cross-site scripting issue using the "Accept-Language" header parameter affects IBM Content Navigator. Vulnerability Details CVEID: CVE-2014-8911 DESCRIPTION: IBM Content Navigator is vulnerable to reflected cross-site scripting, caused by improper validation of user supplied...
Security Bulletin: Vulnerability in SSLv3 affects IBM Content Navigator (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in the Knowledge Center for IBM Content Navigator V2.0.3. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...
Security Bulletin: Open Source Apache Xalan-Java reported in April X-Force Report in IBM Content Navigator
Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. Vulnerability Details Apache...
Security Bulletin: One vulnerability in IBM FileNet Content Manager and IBM Content Foundation (CVE-2014-4763)
Summary A security vulnerability exists in IBM FileNet Content Manager and IBM Content Foundation. Vulnerability Details CVEID: CVE-2014-4763 IBM Content Navigator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...
Security Bulletin: Impact of the Apache Xalan-Java vulnerability (CVE-2014-0107) on IBM FileNet Business Process Framework
Summary Apache Xalan-Java could allow a remote attacker to bypass security restrictions. For IBM FileNet Business Process Framework V4.1.0.x, apply 4.1 Fix Pack 10 and then apply 4.1.0.10-P8BPF-IF002. There is no workaround other than applying the fix. Vulnerability Details Affected products and versions: · IBM FileNet Business Process Framework V4.1.0.x Remediation and workarounds:...
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator
Summary Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Open Source Apache Struts V1 ClassLoader manipulation vulnerability CVSS Base Score: 7.5 CVSS Temporal Scor...
Security Bulletin: IBM FileNet Business Process Framework is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)
Summary Open Source Apache Xalan-Java could allow a remote attacker to bypass security restrictions. Vulnerability Details CVE ID: CVE-2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
Security Bulletin: IBM FileNet P8 Platform Documentation Installable Info Center cross-site scripting vulnerability (CVE-2013-6746)
Summary A cross-site scripting vulnerability has been identified in the IBM FileNet P8 Platform Documentation Installable Info Center that is shipped with the IBM FileNet Business Process Manager, IBM FileNet Content Manager, and IBM Case Foundation. Vulnerability Details The following components...
CVE-2016-8921
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...
CVE-2016-3047
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-3055
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...
CVE-2016-3055
IBM FileNet Workplace 4.0.2 is affected by CVE-2016-3055 due to an XML External Entity (XXE) flaw in processing XML data, which could allow remote authenticated users to read arbitrary files or cause a memory-based denial of service. Affected version: FileNet Workplace 4.0.2 (before 4.0.2.14 LA01...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace Application Engine through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML...
CVE-2016-5878
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-3054
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file...