IBMDE757BCB127E9502394C6F7620425791D131BDD6D84133938E4CE646B88CA6ADSecurity Bulletin: Cross Site Scripting security vulnerabilities in FileNet Content Manager
0.001 Low
EPSS
Percentile
19.6%
Summary
Cross Site Scripting security vulnerabilities in FileNet Content Manager in Administration Console for Content Platform Engine (ACCE)
Vulnerability Details
CVEID:CVE-2020-4447
**DESCRIPTION:**IBM FileNet Content Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| FileNet Content Manager | 5.5.3 |
| FileNet Content Manager | 5.5.4 |
Remediation/Fixes
To address this vulnerability, install one of the below releases:
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FileNet Content Manager | 5.5.3 | ||
| 5.5.4 | PJ46144 | ||
| PJ46144 | 5.5.3.0-P8CPE-IF003 - 7/16/2020 | ||
| 5.5.4.0-P8CPE-IF002 - 7/21/2020 |
In the above table, the APAR links will provide more information about the fix.
Only versions covered by continuous support for fixes are listed. Please apply the listed update to remediate.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| filenet content manager | eq | 5.5.3 | |
| filenet content manager | eq | 5.5.4 |
Related
0.001 Low
EPSS
Percentile
19.6%