A security vulnerability with the IBM FileNet Content Engine has been identified and addressed
A security vulnerability involving PRIVILEGED_WRITE access has been discovered in the Content Engine. An unauthorized user who successfully exploits this vulnerability could alter privileged properties of certain objects even without PRIVILEGED_WRITE access to the Object Store. The steps set forth below should be implemented as soon as possible.
This vulnerability affects the following IBM FileNet P8 Content Manager (CM) and IBM FileNet P8 Business Process Manager (BPM) product components:
P8CE 5.0.0 at the GA base level
P8CE 4.5.1 at any level
P8CE 4.5.0 at any level
P8CE 4.0.1 at any level
P8CE 188.8.131.52 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 5.0.0 and IBM FileNet BPM 5.0.0 environments.
P8CE 4.5.1 Fix Pack 006 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 4.5.1 and IBM FileNet BPM 4.5.1 environments.
P8CE 184.108.40.206 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 4.5.0 and IBM FileNet BPM 4.5.0 environments.
P8CE 4.0.1 Fix Pack 013 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet CM 4.0.x and IBM FileNet BPM 4.0.x environments.
The Fix Packs and Interim Fixes will be available on Fix Central starting February 15, 2011. These fixes should be installed as soon as possible. Please follow the standard procedure to download the mandatory Fixes required for your environment.
Please note that P8CE 4.5.1 Fix Pack 005 (and earlier), P8CE 4.5.0 Fix Pack 001, and P8CE 4.0.1 Fix Pack 012 (and earlier) are no longer available on Fix Central because they are no longer supported.
Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/
For additional support questions, please contact the IBM Response Center at 1-800-IBM-SERV.
More support for:
FileNet Content Manager
Software version: 4.0.1, 4.5.0, 4.5.1, 5.0
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1462438
Modified date: 13 December 2012