Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9A9CDC081B86AC175B4A1D17F9B7D84DFF82F780CE1340F15BCE7F7F3D39D954
HistoryJun 17, 2018 - 12:08 p.m.

Security Bulletin: One vulnerability in IBM FileNet Content Manager and IBM Content Foundation (CVE-2014-4763)

2018-06-1712:08:21
www.ibm.com
3

0.001 Low

EPSS

Percentile

47.8%

JSON

Summary

A security vulnerability exists in IBM FileNet Content Manager and IBM Content Foundation.

Vulnerability Details

CVEID:CVE-2014-4763

IBM Content Navigator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

ACCE is vulnerable since it uses the framework from the affected version of ICN.

CVSS Base Score: 3.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94660 for the current score CVSS Environmental Score: Undefined* CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

**Note:**According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Affected Products and Versions

IBM FileNet Content Manager 5.2.x
IBM Content Foundation 5.2.x

Remediation/Fixes

Product

| VRMF|Remediation/First Fix
—|—|—
FileNet Content Manager| 5.2.0.3-P8CPE-IF003| eGA September 5, 2014
IBM Content Foundation| 5.2.0.3-P8CPE-IF003| eGA September 5, 2014

Workarounds and Mitigations

Test fixes will be made available upon request to any affected customer who is not able to update to the fix pack level that contains the fix.

**Important note:**IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.

CPENameOperatorVersion
filenet content managereq5.2.0

Related

cvelist 1
cve 1
prion 1
nvd 1
ibm 1
cvelist
cvelist
CVE-2014-4763
2014-09-15 14:00:00
cve
cve
CVE-2014-4763
2014-09-15 14:55:11
prion
prion
Cross site scripting
2014-09-15 14:55:00
nvd
nvd
CVE-2014-4763
2014-09-15 14:55:11
ibm
ibm
Security Bulletin: Vulnerabilities in IBM Business Process Manager (BPM) DocumentStore administration (CVE-2014-0107, CVE-2014-4763)
2018-06-15 07:01:52

0.001 Low

EPSS

Percentile

47.8%

JSON
Related for 9A9CDC081B86AC175B4A1D17F9B7D84DFF82F780CE1340F15BCE7F7F3D39D954
cvelist1cve1prion1nvd1ibm1