Security Bulletin: IBM FileNet Content Manager and IBM Content Foundation – XML 4J denial of service attack (CVE-2013-4002)

Abstract The XML4J parser that is shipped with the IBM FileNet Content Manager and IBM Content Foundation is vulnerable to a denial of service attack, triggered by malformed XML data. Content The products listed below might be affected by security vulnerabilities reported to the Apache Xerces-J...

Security Bulletin: WebSphere network security vulnerability in IBM Content Foundation on Cloud

Summary WebSphere network security vulnerability in IBM Content Foundation on Cloud containers Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain...

Security Bulletin: Vulnerability in SSLv3 affects FileNet Content Manager, FileNet BPM and IBM Content Foundation (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is a configurable option in FileNet Content Manager and FileNet BPM products. If using SSLv3 with these products, please refer to the sections below to...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM FileNet Content Manager, IBM FileNet BPM and IBM Content Foundation products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack affects products that use the SSL/TLS protocol as a means for secure communication. The IBM FileNet Content Manager, IBM FileNet BPM and IBM Content Foundation products can be configured to use the SSL/TLS protocol and are thus potentially affected by this...

Security Bulletin: One vulnerability in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine (CVE-2014-0114)

Summary A security vulnerability exists in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine. See the individual descriptions for the details. Vulnerability Details CVEID: CVE-2014-0114 CVE-2014-0114...

Security Bulletin: IBM Content Foundation on Cloud security vulnerability in WebSphere container

Summary There is a denial of service and Networking security vulnerabilities in WebSphere Application Server. Vulnerability Details CVEID: CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote...

Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerabilities in IBM Content Foundation on Cloud

Summary IBM Content Foundation on Cloud in IBM WebSphere Application Server Network Deployment has security vulnerablities. Vulnerability Details CVEID: CVE-2020-4304 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This...

Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerability in IBM Content Foundation on Cloud

Summary IBM Content Foundation on Cloud contains a IBM WebSphere Application Server Network Deployment security vulnerability Vulnerability Details CVEID: CVE-2020-4163 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated...

Security Bulletin: WebSphere security vulnerability in IBM Content Foundation on Cloud

Summary IBM WebSphere Application Server Network Deployment security vulnerability in Content Platform Engine Container Vulnerability Details CVEID: CVE-2020-4421 DESCRIPTION: IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoo...

Security Bulletin: Vulnerability in SSLv3 affects FileNet Content Manager, FileNet BPM and IBM Content Foundation (CVE-2014-3566)

Abstract Security Bulletin: Vulnerability in SSLv3 affects FileNet Content Manager, FileNet BPM and IBM Content Foundation CVE-2014-3566 Body IBM just posted a Security Bulletin of a vulnerability in SSLv3 which affects FileNet Content Manager, FileNet BPM and IBM Content Foundation. SSLv3 contai...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000)

Abstract Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM CVE-2015-4000 Body IBM has provided fix packs for FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager products to address...

Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation

Summary Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology OIT Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation. Oracle OIT issues disclosed in the Oracle April 2018 Critical Patch Update. Vulnerability Details Advisory CVEs: CVEID:...

Security Bulletin: IBM FileNet Content Manager and IBM Content Foundation are affected by multiple vulnerabilities in the Administration Console for Content Platform Engine (ACCE)

Summary The IBM FileNet Content Manager and IBM Content Foundation component "Administration Console for Content Platform Engine" ACCE, is affected by multiple security vulnerabilities. Vulnerability Details Advisory CVEs: CVEID: CVE-2018-1542 DESCRIPTION: The Administration Console for Content...

IBM FileNet Content Manager and Content Foundation Administration Console for Content Platform Engine XML External Entity Injection Vulnerability

IBM FileNet Content Manager and Content Foundation are both content management solutions for the FileNet P8 platform from IBM USA. The solutions combine document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, etc. Administration Console for...

CVE-2018-1542

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine ACCE 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose...

CVE-2018-1542

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine ACCE 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose...

CVE-2018-1542

The CVE-2018-1542 issue affects IBM FileNet Content Manager and IBM Content Foundation, specifically the Administration Console for Content Platform Engine (ACCE), version 5.2.1 and 5.5.0. ACCE processes XML data and is vulnerable to XML External Entity (XXE) injection, exposing sensitive informa...

Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

Summary IBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation has addressed the following security vulnerability. Ability to execute remote attacker’s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 7, 8 and IBM® Runtime Environment Java™ Version 7, 8 shipped with IBM FileNet Content Manager and IBM Content Foundation

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 7, 8 and IBM® Runtime Environment Java™ Version 7, 8 which is shipped with IBM FileNet Content Manager and IBM Content Foundation. These issues were disclosed as part of the IBM Java SDK updates in July 2017...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation

Summary Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation. Java SE issues disclosed in the Oracle April 2017 Critical Patch Update...