Jun 17, 2018 - 12:16 p.m.

Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175)

2018-06-17 12:16:24
www.ibm.com

EPSS: 0.001 (Low), percentile 39.2%

Summary

A security vulnerability exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content Foundation.

Vulnerability Details

CVEID: CVE-2016-2175
DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1

Remediation/Fixes

Install one of the fixes listed below to upgrade Apache PDFBox to patch 1.8.12.

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FileNet Content Manager | 5.1.0 | PJ44278, PJ44412 | 5.1.0.7-P8CE-FP007 - 8/11/2017, 5.1.0.0-P8CSS-IF017 - 8/11/2017 |
| FileNet Content Manager | 5.2.0 | PJ44279, PJ44415 | 5.2.0.5-P8CPE-IF002 - 1/19/2017, 5.2.0.5-P8CSS-IF001 - 1/19/2017 |
| FileNet Content Manager | 5.2.1 | PJ44279, PJ44415 | 5.2.1.6-P8CPE-FP006 - 12/16/2016, 5.2.1.6-P8CSS-FP006 - 12/16/2016 |
| IBM Content Foundation | 5.2.0 | PJ44279, PJ44415 | 5.2.0.5-P8CPE-IF002 - 1/19/2017, 5.2.0.5-P8CSS-IF001 - 1/19/2017 |
| IBM Content Foundation | 5.2.1 | PJ44279, PJ44415 | 5.2.1.6-P8CPE-FP006 - 12/16/2016, 5.2.1.6-P8CSS-FP006 - 12/16/2016 |

In the above table, the APAR links will provide more information about the fix.

Workarounds and Mitigations

None.
