FileNet Workplace XT is vulnerable to the File Extension validation bypass which allows malicious content to be uploaded to the FileNet P8 server
CVEID: CVE-2016-8921
DESCRIPTION: IBM FileNet Workplace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118531 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
FileNet Workplace XT 1.1.5
Refer to the Workarounds and Mitigations section.
There are 2 different ways to address this vulnerability. Either can be implemented separately or they can be used together.
To prevent malicious content from being uploaded into the P8 repository:
(1) Create a custom event action that is triggered on an AddDocument event and that either checks the file type being added or calls a file scanner to validate the contents before the content is added.
(2) Configure a file scanner to scan the storage volume where content is being saved and have it send an alert when it finds malicious content.
To prevent content that contains JavaScript code from being executed when it is viewed by Workplace XT:
(1) Force JavaScript files to be viewed as text. A Workplace XT response filter could be implemented to change the MIME Type from JavaScript to Text.
(2) Configure your browser to not execute JavaScript files.
The above suggested implementations are examples of various ways to prevent malicious content from being uploaded or executed. Please contact IBM Support for additional information.
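The following is an added illustration of the two checks the mitigations describe; it is not IBM code and does not use the FileNet API. `validate_upload` is the kind of logic an AddDocument event action would apply before content is committed (final-extension allowlist, magic-byte check, and a sniff for embedded script), and `safe_response_type` is the MIME rewrite a Workplace XT response filter would perform. The allowlist, signatures and sample inputs are constructed for the example.

```python
"""Illustrative pre-commit content validation and MIME rewrite (example, not FileNet code)."""
import re

# Constructed allowlist: declared extension -> (MIME type, expected leading bytes or None).
ALLOWED = {
    "pdf": ("application/pdf", b"%PDF-"),
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "txt": ("text/plain", None),
}
# Markup/script that must not be stored under a benign type and later rendered inline.
ACTIVE_CONTENT = re.compile(rb"<\s*script|javascript:|<\s*html", re.IGNORECASE)
# MIME types a browser would execute; the response filter maps these to text.
SCRIPT_MIME = {
    "application/javascript", "text/javascript",
    "application/x-javascript", "application/ecmascript",
}


def extension_of(filename: str) -> str:
    """Final extension only, after stripping any path: 'report.pdf.js' is a .js file."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason_or_mime). Reject before the document is added."""
    ext = extension_of(filename)
    if ext not in ALLOWED:
        return False, f"extension '{ext or '(none)'}' not in allowlist"
    mime, magic = ALLOWED[ext]
    if magic is not None and not data.startswith(magic):
        return False, f"content does not match {mime} signature"
    # Conservative sniff on the head of the file, whatever the declared type.
    if ACTIVE_CONTENT.search(data[:4096]):
        return False, "embedded script or markup in a non-HTML document"
    return True, mime


def safe_response_type(content_type: str) -> str:
    """Mitigation (2): serve JavaScript as plain text so the browser never executes it."""
    base = content_type.split(";", 1)[0].strip().lower()
    return "text/plain" if base in SCRIPT_MIME else content_type


if __name__ == "__main__":
    print(validate_upload("report.pdf.js", b"alert(1)"))   # rejected: .js not allowed
    print(validate_upload("notes.txt", b"<script>x</script>"))  # rejected: active content
    print(safe_response_type("application/javascript; charset=utf-8"))  # text/plain
```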
| CPE | Name | Operator | Version |
|---|---|---|---|
| | filenet content manager | eq | 1.1.5 |