Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability

Summary Security vulnerability may affect Apache HttpClient used by IBM FileNet Content Manager. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname...

CVE-2018-1844

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904...

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation

Summary Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology OIT Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation. Oracle OIT issues disclosed in the Oracle April 2018 Critical Patch Update. Vulnerability Details Advisory CVEs: CVEID:...

Security Bulletin: IBM FileNet Content Manager and IBM Content Foundation are affected by multiple vulnerabilities in the Administration Console for Content Platform Engine (ACCE)

Summary The IBM FileNet Content Manager and IBM Content Foundation component "Administration Console for Content Platform Engine" ACCE, is affected by multiple security vulnerabilities. Vulnerability Details Advisory CVEs: CVEID: CVE-2018-1542 DESCRIPTION: The Administration Console for Content...

IBM FileNet Content Manager and Content Foundation Administration Console for Content Platform Engine XML External Entity Injection Vulnerability

IBM FileNet Content Manager and Content Foundation are both content management solutions for the FileNet P8 platform from IBM USA. The solutions combine document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, etc. Administration Console for...

CVE-2018-1556

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1428...

Security Bulletin: IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities

Summary IBM FileNet Image Services has addressed multiple GSKit and GSKit-Crypto vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...

Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

Summary IBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation has addressed the following security vulnerability. Ability to execute remote attacker’s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload...

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation

Summary Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology OIT Version 8.5.2 in IBM FileNet Content Manager, and IBM Content Foundation. Oracle OIT issues disclosed in the Oracle January 2017 Critical Patch Update. Vulnerability Details Advisory CVEs: CVE-2017-326...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation

Summary Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation. Java SE issues disclosed in the Oracle January 2017 Critical Patch Update...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and OpenSSL affect IBM FileNet System Monitor/IBM Enterprise Content Management System

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 & May 3, 2016 by the OpenSSL Project. OpenSSL is used by Enterprise Content Management System Monitor has addressed the applicable CVEs. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that is...

Security Bulletin: Vulnerability in Oracle Outside In Technology (OIT) affects FileNet Content Manager and IBM Content Foundation (CVE-2016-3455)

Summary Security vulnerabilitiy exists in in Oracle Outside In Technology OIT which affects the IBM FileNet Content Manager and IBM Content Foundation products. Vulnerability Details CVE-ID: CVE-2016-3455 Description: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside...

Security Bulletin: Installer vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation, and FileNet BPM (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

Security Bulletin: Multiple vulnerabilities exist with Oracle Outside In Technology (OIT) in IBM FileNet Content Manager and IBM Content Foundation.

Summary Five security vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation. See the individual description for the details. Vulnerability Details CVEID: CVE-2015-4808 DESCRIPTION: An unspecified vulnerability in the Oracle Outside In Technology Outside In Filters...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5...

Security Bulletin: Four vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation (CVE-2015-4809, CVE-2015-4811, CVE-2015-4877, CVE-2015-4878)

Summary There are four security vulnerabilities in the Oracle Outside In Technology OIT software used in the IBM FileNet Content Manager and IBM Content Foundation products. See the individual descriptions below for details. These issues are addressed in the OIT October 2015 Critical Patch Update...

Security Bulletin: Two vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation (CVE-2015-0474 and CVE-2015-0493)

Summary Oracle Outside In Technology vulnerabilities were disclosed on April 14, 2015 by Oracle. These vulnerabilities are documented in CVE-2015-0474 and CVE-2015-0493 and affect the IBM FileNet Content Manager and IBM Content Foundation products. Vulnerability Details CVEID: CVE-2015-0474...

Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-1888)

Summary IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2015-1888 IBM Content Navigator is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user...

Security Bulletin: Three vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM (CVE-2014-6593, CVE-2015-0410, and CVE-20150-0383)

Summary Three security vulnerabilities exist in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM. See the individual description for the details. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to th...

Security Bulletin: IBM Content Collector affected by information disclosure vulnerability (CVE-2015-0146)

Summary IBM Content Collector for Email could allow a local attacker to obtain sensitive information, caused by improper handling of a search query. This error occurs only for searches on IBM FileNet P8 systems that are configured with IBM Content Search Services. Vulnerability Details CVEID:...