Medium Severity

Security Bulletin: Multiple Apache PDFBox security vulnerabilities


FileNet Content Manager (FNCM) has multiple Apache PDFBox security vulnerabilities in Content Platform Engine (CPE) and Content Search Services (CSS).

CVE(s): CVE-2021-31811, CVE-2021-31812

Affected product(s) and affected version(s):

Affected Product(s)                            | Version(s)
IBM Enterprise Content Management Text Search  | 5.5.4.0
IBM Enterprise Content Management Text Search  | 5.5.6.0
FileNet Content Manager                        | 5.5.4
FileNet Content Manager                        | 5.5.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6467839
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203615
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203587
