Lucene search
IBMC260EC2175406F4F60DF6C4D6E6D75403FA0109C5765373CC99F16C4520E02F7HistoryNov 10, 2020 - 10:15 p.m.
Security Bulletin: CSV Injection Security vulnerability in ACCE in FileNet Content Manager
2020-11-1022:15:42
www.ibm.com
14
0.001 Low
EPSS
Percentile
26.2%
Summary
Administration Console for Content Platform Engine (ACCE) CSV Injection Security vulnerability exists in FileNet Content Manager
Vulnerability Details
CVEID:CVE-2020-4759
**DESCRIPTION:**IBM FileNet Content Manager is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| FileNet Content Manager | 5.5.4 |
| FileNet Content Manager | 5.5.5 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| FileNet Content Manager | 5.5.4 | ||
| 5.5.5 | PJ46215 | ||
| PJ46215 | 5.5.4.0-P8CPE-IF003 - 11/4/2020 | ||
| 5.5.5.0-P8CPE-IF002 - 9/25/2020 |
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| filenet content manager | eq | 5.5.4 | |
| filenet content manager | eq | 5.5.5 |
Related
nvd
nvd
CVE-2020-4759
2020-11-09 21:15:13
cvelist
cvelist
CVE-2020-4759
2020-11-06 00:00:00
cve
cve
CVE-2020-4759
2020-11-09 21:15:13
prion
prion
Input validation
2020-11-09 21:15:00
0.001 Low
EPSS
Percentile
26.2%
Related for C260EC2175406F4F60DF6C4D6E6D75403FA0109C5765373CC99F16C4520E02F7