IBM Support

A security vulnerability with the IBM FileNet Rendition Engine has been identified and addressed.

Technote (FAQ)


Question

A security vulnerability with the Rendition Engine has been discovered. An unauthorized user who successfully exploited this vulnerability could gain the same access rights as those used to configure the Rendition Engine internal database. Environments that have followed the documented best practices guidelines and where account privileges are closely managed could experience less impact than environments where user accounts are given administrative or unnecessarily broad permissions. The steps set forth below should be implemented as soon as possible.

Answer

This vulnerability affects the following IBM FileNet P8 Rendition Engine releases:
P8RE 5.0.0 at the GA base level
P8RE 4.5.1 at the GA base level
P8RE 4.5.0 at the GA base level
P8RE 4.0.1 at the GA base level, Interim Fix 001 level or Interim Fix 002 level

P8RE 5.0.0 Fix Pack 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 5.0.0 environments.

P8RE 4.5.1.0 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 4.5.1 environments.

P8RE 4.5.0.0 Interim Fix 001 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 4.5.0 environments.

P8RE 4.0.1.0 Interim Fix 003 (or higher) addresses the vulnerability and is a mandatory update for all IBM FileNet RE 4.0.x environments.

The Interim Fixes will be available on Fix Central starting February 15, 2011, and the Fix Packs will be available on Fix Central starting March 11, 2011. These fixes should be installed as soon as possible. Please follow the standard procedure to download the mandatory fixes required for your environment.

Please note that P8RE 4.0.1 Interim Fixes 001 and 002 are no longer available via ftp as they are no longer supported.

Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/

For additional support questions, please contact the IBM Response Center at 1-800-IBM-SERV.

Document information

More support for: FileNet Rendition Engine

Software version: 4.0.1, 4.5.0, 4.5.1, 5.0.0

Operating system(s): Windows

Reference #: 1462440

Modified date: 07 December 2016


Translate this page: