FileNet Deployment Manager external DTD security vulnerability.
CVEID: CVE-2018-1844
DESCRIPTION: IBM Case Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150904> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions: FileNet Content Manager 5.2.1, 5.5.0
To resolve these vulnerabilities, install one of the releases listed below.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.2.1 | | 5.2.1.7-P8CPE-IF004 - 10/8/2018 |
FileNet Content Manager | 5.5.0 | | 5.5.0.0-P8CPE-IF003 - 12/18/2018 |
In the above table, the APAR links will provide more information about the fix.
Either do not run FileNet Deployment Manager, or upgrade to 5.2.1.7-P8CPE-IF004 or 5.5.0.0-P8CPE-IF003.
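The XXE description above turns on external DTD and external entity declarations in XML input. The following is an added example, not IBM code and not part of the fix: a Python check that lists such declarations in an XML document without resolving them. The function name `find_dtd_risks` and both sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample inputs (not taken from any FileNet file format).
SAMPLE_FLAGGED = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE data SYSTEM "http://example.invalid/ext.dtd" [\n'
    b'  <!ENTITY xxe SYSTEM "file:///placeholder/path">\n'
    b']>\n'
    b'<data>&xxe;</data>\n'
)
SAMPLE_CLEAN = b'<?xml version="1.0"?>\n<data><item id="1"/></data>\n'


class _PrologDone(Exception):
    """Raised at the root element; every DTD declaration precedes it."""


def find_dtd_risks(xml_bytes):
    """Return (kind, name, system_id) tuples for external DTD content.

    expat only reports these declarations here; it does not fetch them,
    because no external-entity handler or parameter-entity parsing is set.
    A malformed prolog raises expat.ExpatError; treat that as a rejection.
    """
    findings = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # no literal value means the entity is external
            kind = "external-parameter-entity" if is_param else "external-entity"
            findings.append((kind, name, system_id))

    def on_root(name, attrs):
        raise _PrologDone  # stop early; element content is never scanned

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _PrologDone:
        pass
    return findings
```

An empty result means the document declares no external DTD and no external entities; any finding identifies input that a parser with external entity resolution enabled would try to load.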