IBM Support

A security vulnerability with the IBM FileNet Content Engine has been identified and addressed

Technote (FAQ)


Question

A security vulnerability with the Content Engine has been discovered with PRIVILEGED_WRITE access. An unauthorized user who successfully exploited this vulnerability could alter privileged properties for certain objects even when they do not have PRIVILEGED_WRITE access to the Object Store. The steps set forth below should be implemented as soon as possible.

Answer

This vulnerability affects the following IBM FileNet P8 Content Manager (CM) and IBM FileNet P8 Business Process Manager (BPM) product components:
P8CE 5.0.0 at the GA base level

P8CE 4.5.1 at any level
P8CE 4.5.0 at any level
P8CE 4.0.1 at any level

P8CE 5.0.0.0 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 5.0.0 and IBM FileNet BPM 5.0.0 environments.

P8CE 4.5.1 Fix Pack 006 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 4.5.1 and IBM FileNet BPM 4.5.1 environments.

P8CE 4.5.0.2 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 4.5.0 and IBM FileNet BPM 4.5.0 environments.

P8CE 4.0.1 Fix Pack 013 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 4.0.x and IBM FileNet BPM 4.0.x environments.

The Fix Packs and Interim Fixes will be available on Fix Central starting February 15, 2011. These fixes should be installed as soon as possible. Please follow the standard procedure to download the mandatory Fixes required for your environment.

Please note that P8CE 4.5.1 Fix Pack 005 (and earlier), P8 CE 4.5.0 Fix Pack 001 and P8 CE 4.0.1 Fix Pack 012 (and earlier) are no longer available at Fix Central as they are no longer supported.

Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/

For additional support questions, please contact the IBM Response Center at 1-800-IBM-SERV.


Document information

More support for: FileNet Content Manager
Content Engine

Software version: 4.0.1, 4.5.0, 4.5.1, 5.0

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1462438

Modified date: 13 December 2012


Translate this page: