Three security vulnerabilities exist in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM. See the individual description for the details.
CVEID:CVE-2014-6593**
DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) **
CVEID:CVE-2015-0410**
DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) **
CVEID:CVE-2015-0383**
DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100148 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C) **
IBM FileNet Content Manager 5.1.0, 5.2.0, 5.2.1 (includes CSS)
IBM Content Foundation 5.2.0, 5.2.1 (includes CSS)
IBM FileNet BPM 4.5.1, 5.0.0, 5.2.0
Upgrade to Java Runtime Environment (JRE) 1.6.0 SR16 FP3 or higher to avoid the security vulnerabilities listed in this Security Bulletin. By installing the applicable fixes in the table below, the private IBM JRE used by Process Engine (PE), Content Engine (CP/CPE) and Content Search Services (CSS) will be updated to 1.6.0 SR16 FP3.
Product | VRMF | Remediation/First Fix Available |
---|---|---|
FileNet Content Manager | 5.1.0, | |
5.2.0, | ||
5.2.1 | 5.2.0.3-P8CPE-IF006 - April 8, 2015 | |
5.2.1.0-P8CPE-IF002 - April 8, 2015 | ||
5.1.0.0-P8CSS-IF011 - April 8, 2015 | ||
5.2.0.2-P8CSS-IF003 - April 8, 2015 | ||
5.2.1.0-P8CSS-IF001 - April 8, 2015 | ||
IBM Content Foundation | 5.2.0, | |
5.2.1 | 5.2.0.3-P8CPE-IF006 - April 8, 2015 | |
5.2.1.0-P8CPE-IF002 - April 8, 2015 | ||
5.2.0.2-P8CSS-IF003 - April 8, 2015 | ||
5.2.1.0-P8CSS-IF001 - April 8, 2015 | ||
FileNet BPM | 4.5.1 | |
5.0.0, | ||
5.2.0 | 4.5.1.4-P8PE-IF007 - April 8, 2015 | |
5.0.0.8-P8PE-IF001 - April 8, 2015 | ||
eProcess-5.2.0-001.005 – April 10, 2015 |
None