PT-2016-6746 · Ibm · Ibm Filenet Workplace
Roshan Thomas
·
Published
2016-11-25
·
Updated
2016-11-28
·
CVE-2016-5981
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM FileNet Workplace XT versions 1.1.5.2-WPXT-LA011 and earlier
IBM FileNet Workplace (Application Engine) versions 4.0.2.14-P8AE-IF001 and earlier
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This occurs when the RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allowing remote attackers to inject arbitrary web script or HTML.
Recommendations
For IBM FileNet Workplace XT versions 1.1.5.2-WPXT-LA011 and earlier, ensure proper configuration of RegExpSecurityFilter and ScriptSecurityFilter to prevent XSS attacks.
For IBM FileNet Workplace (Application Engine) versions 4.0.2.14-P8AE-IF001 and earlier, ensure proper configuration of RegExpSecurityFilter and ScriptSecurityFilter to prevent XSS attacks.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Filenet Workplace