Security Bulletin: IBM Content Navigator logon response security vulnerability in FileNet Content Manager

Summary Security vulnerability in IBM Content Navigator logon response in FileNet Content Manager Vulnerability Details CVEID: CVE-2019-4679 DESCRIPTION: IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be...

Security Bulletin: An information disclosure vulnerability has been identified with the embedded Content Platform Engine component shipped with IBM Business Automation Workflow (CVE-2019-4572)

Summary A vulnerability in IBM FileNet Content Manager and Case Foundation, in some case, could contain user information in the log when Process Orchestration Web Services is invoked. Vulnerability Details CVEID: CVE-2019-4572 DESCRIPTION: IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific...

Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Administration Console for Content Platform Engine (ACCE)

Summary IBM FileNet Content Manager and Case Foundation have multiple security vulnerabilities in Administration Console for Content Platform Engine ACCE. Vulnerability Details CVEID: CVE-2019-4642 DESCRIPTION: IBM FileNet Content Manager allows web pages to be stored locally which can be read by...

IBM FileNet Content Manager and IBM Case Foundation Information Disclosure Vulnerability

IBM FileNet Content Manager and IBM Case Foundation are both products of IBM Corporation in the U.S. IBM FileNet Content Manager is a content management solution for the FileNet P8 platform. The solution combines document management with ready-to-use workflow tools to manage images, video, Web...

Security Bulletin: IBM FileNet Content Manager and Case Foundation are affected by Publicly disclosed vulnerability in Java July 2019

Summary IBM FileNet Content Manager and Case Foundation has addressed the following vulnerabilities in versions 5.5.2 and 5.5.3. Vulnerability Details CVEID: CVE-2019-2762 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component coul...

Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Process Orchestration Web Service logging

Summary A security vulnerability in IBM FileNet Content Manager and Case Foundation, in some case, could contain user information in the log when Process Orchestration Web Services is invoked. Vulnerability Details CVEID: CVE-2019-4572 DESCRIPTION: IBM FileNet Content Manager in specific...

CVE-2018-1542

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine ACCE 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose...

CVE-2018-1542

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine ACCE 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose...

CVE-2018-1542

The CVE-2018-1542 issue affects IBM FileNet Content Manager and IBM Content Foundation, specifically the Administration Console for Content Platform Engine (ACCE), version 5.2.1 and 5.5.0. ACCE processes XML data and is vulnerable to XML External Entity (XXE) injection, exposing sensitive informa...

Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

Summary IBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation has addressed the following security vulnerability. Ability to execute remote attacker’s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload...

Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596)

Summary Apache Axis contains two security vulnerabilities that could allow for spoofing attacks. See the individual descriptions below for the details. Vulnerability Details CVE-ID: CVE-2012-5784 DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct...

Security Bulletin: IBM FileNet P8 Platform Documentation Installable Info Center cross-site scripting vulnerability (CVE-2013-6746)

Summary A cross-site scripting vulnerability has been identified in the IBM FileNet P8 Platform Documentation Installable Info Center that is shipped with the IBM FileNet Business Process Manager, IBM FileNet Content Manager, and IBM Case Foundation. Vulnerability Details The following components...

CVE-2013-6746

Cross-site scripting XSS vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...

Cross site scripting

Cross-site scripting XSS vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...

CVE-2013-6746

CVE-2013-6746 is an XSS vulnerability in IBM FileNet P8 Platform Documentation Installable Info Center shipped with IBM FileNet BPM, Content Manager, and Case Foundation. Affected components/versions include FileNet P8 Platform Documentation Installable Info Center 4.5.1–5.2.0, with IBM BPM 4.5.1...