Oracle Outside In Technology vulnerabilities were disclosed on April 14, 2015 by Oracle. These vulnerabilities are documented in CVE-2015-0474 and CVE-2015-0493 and affect the IBM FileNet Content Manager and IBM Content Foundation products.
CVEID: CVE-2015-0474
DESCRIPTION: A vulnerability in Oracle Outside In Technology could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error when parsing malicious files. By persuading a victim to open a specially-crafted DOCX file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102299 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-0493
DESCRIPTION: A vulnerability in Oracle Outside In Technology could allow a remote attacker to execute arbitrary code on the system. The ibpsd2.dll file improperly parses PSD (Photoshop) files. An attacker could exploit this vulnerability to cause a heap-based buffer overflow and execute arbitrary code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102298 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
IBM FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1
Install the applicable release below that contains OIT Critical Patch Update p20572683, which addresses the 2 CVEs in this Security Bulletin.
Product | VRMF | APAR | Remediation/First Fix Available |
---|---|---|---|
FileNet Content Manager (FNCM) | 5.1.0 | PJ43182 | 5.1.0.6-P8CE-FP006 - 7/31/2015 |
FileNet Content Manager (FNCM) | 5.2.0 | PJ43183 | 5.2.0.4-P8CPE-FP004 - 8/31/2015 |
FileNet Content Manager (FNCM) | 5.2.1 | PJ43183 | 5.2.1.2-P8CPE-FP002 - 6/10/2015 |
FileNet Content Manager (FNCM) | 5.1.0 | PJ43184 | 5.1.0.0-P8CSS-IF013 - 7/31/2015 |
FileNet Content Manager (FNCM) | 5.2.0 | PJ43185 | 5.2.0.4-P8CSS-FP004 - 8/31/2015 |
FileNet Content Manager (FNCM) | 5.2.1 | PJ43185 | 5.2.1.2-P8CSS-FP002 - 6/10/2015 |
IBM Content Foundation (ICF) | 5.2.0 | PJ43183 | 5.2.0.4-P8CPE-FP004 - 8/31/2015 |
IBM Content Foundation (ICF) | 5.2.1 | PJ43183 | 5.2.1.2-P8CPE-FP002 - 6/10/2015 |
IBM Content Foundation (ICF) | 5.2.0 | PJ43185 | 5.2.0.4-P8CSS-FP004 - 8/31/2015 |
IBM Content Foundation (ICF) | 5.2.1 | PJ43185 | 5.2.1.2-P8CSS-FP002 - 6/10/2015 |
Releases available from Fix Central: <http://www.ibm.com/support/fixcentral/>
None