Question & Answer
Question
A security vulnerability with the Rendition Engine has been discovered. An unauthorized user who successfully exploited this vulnerability could gain the same access rights as those used to configure the Rendition Engine internal database. Environments that have followed the documented best practices guidelines and where account privileges are closely managed could experience less impact than environments where user accounts are given administrative or unnecessarily broad permissions. The steps set forth below should be implemented as soon as possible.
Answer
This vulnerability affects the following IBM FileNet P8 Rendition Engine releases:
P8RE 5.0.0 at the GA base level
P8RE 4.5.1 at the GA base level
P8RE 4.5.0 at the GA base level
P8RE 4.0.1 at the GA base level, Interim Fix 001 level or Interim Fix 002 level
P8RE 5.0.0 Fix Pack 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 5.0.0 environments.
P8RE 4.5.1.0 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 4.5.1 environments.
P8RE 4.5.0.0 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 4.5.0 environments.
P8RE 4.0.1.0 Interim Fix 003 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 4.0.x environments.
The Interim Fixes will be available on Fix Central starting February 15, 2011, and the Fix Packs will be available on Fix Central starting March 11, 2011. These fixes should be installed as soon as possible. Please follow the standard procedure to download the mandatory fixes required for your environment.
Please note that P8RE 4.0.1 Interim Fixes 001 and 002 are no longer available via ftp as they are no longer supported.
Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/
For additional support questions, please contact the IBM Response Center at 1-800-IBM-SERV.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21462440