Denial of service vulnerability may affect Apache PDFBox v1.8.15 used by IBM FileNet Content Manager and IBM Enterprise Content Management Text Search.
CVEID: CVE-2018-11797
DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by a flaw when parsing the page tree. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150898> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
FileNet Content Manager 5.2.1, 5.5.0, 5.5.1
To resolve these vulnerabilities, install one of the patch sets listed below to upgrade Apache PDFBox to v1.8.16.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager |
5.2.1
5.5.0
5.5.1
PJ45534 [
PJ45535
](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45535>)
PJ45534 [
PJ45535
](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45535>)
|
5.2.1.7-P8CPE-IF005 - 2/13/2019
5.2.1.7-P8CSS-IF005 - 2/13/2019
5.5.0.0-P8CPE-IF003 - 12/18/2018
5.5.0.0-P8CSS-IF003 - 12/18/2018
5.5.1.0-P8CPE-IF002 - 1/15/2019
5.5.1.0-P8CSS-IF002 - 1/15/2019
In the above table, the APAR links will provide more information about the fix.
None
CPE | Name | Operator | Version |
---|---|---|---|
filenet content manager | eq | 5.2.1 | |
filenet content manager | eq | 5.5.0 | |
filenet content manager | eq | 5.5.1 |