Security Bulletin: Apache Xalan-Java の脆弱性 (CVE-2014-0107) による IBM FileNet Business Process Framework への影響

Summary Apache Xalan-Java にはリモートの攻撃者がセキュリティの制限をバイパスできてしまうおそれがあります。 ご利用の IBM FileNet Business Process Framework V4.1.0.x に4.1 Fix Pack 10 を適用後、4.1.0.10-P8BPF-IF002 を適用してください。修正を適用する以外の回避策はございません。 Vulnerability Details 影響を受ける製品およびバージョン： · IBM FileNet Business Process Framework V4.1.0.x 解決策および回避策：...

Security Bulletin: IBM FileNet Business Process Framework is affected by a vulnerability in Apache Xalan-Java (CVE-2014-0107)

Summary Open Source Apache Xalan-Java could allow a remote attacker to bypass security restrictions. Vulnerability Details CVE ID: CVE--2014-0107 Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...

Xxe

IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

CVE-2013-5452

CVE-2013-5452 affects IBM FileNet/IBM BPM 4.1.0 (IBM BPM document store component). The vulnerability is an XML External Entity (XXE) issue that allows remote authenticated users to read arbitrary files or to send TCP requests to intranet servers via XML data containing an external entity declara...