Security Bulletin
Summary
Oracle Outside In Technology has Security vulnerabilities which may be exposed within the use of Content Manager Enterprise Edition
Vulnerability Details
CVEID: CVE-2013-5791
DESCRIPTION:
Content Manager Enterprise Edition bundles some of the tools provided by Oracle Outside In Technology. The Oracle Outside In Microsoft Access 1.x database file parser is vulnerable to a stack-based buffer overflow.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87925
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-5763
DESCRIPTION:
Content Manager Enterprise Edition bundles some of the tools provided by Oracle Outside In Technology. Oracle Outside In Technology has additional security vulnerabilities which are fixed within the patch referred to below.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88557 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
DESCRIPTION:
Content Manager Enterprise Edition bundles some of the tools provided by Oracle Outside In Technology. The Oracle Outside In Microsoft Access 1.x database file parser is vulnerable to a stack-based buffer overflow.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87925
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-5763
DESCRIPTION:
Content Manager Enterprise Edition bundles some of the tools provided by Oracle Outside In Technology. Oracle Outside In Technology has additional security vulnerabilities which are fixed within the patch referred to below.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88557 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Products and Versions
CM 8.4.3
CM 8.5
CM 8.5
Remediation/Fixes
<Product |
VRMF | APAR | Remediation/First Fix |
Content Manager Enterprise Edition | 8.4.3 8.5 |
Upgrade to V8.4.3 FP4 or Higher Upgrade to V8.5. FP1 or Higher |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Off
Change History
30 December 2013 - Original Copy Published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
[{"Product":{"code":"SSRS7Z","label":"IBM Content Manager Enterprise Edition"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.5;8.4.3","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
29 January 2024
UID
swg21660964