PT-2020-18229 · Ibm · Filenet Content Manager

Published

2020-11-09

Updated

2020-11-12

CVE-2020-4759

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM FileNet Content Manager versions 5.5.4 through 5.5.5

Description The issue is caused by improper validation of csv file contents, allowing a remote attacker to execute arbitrary commands on the system. This is a result of a CVS Injection flaw.

Recommendations For versions 5.5.4 and 5.5.5, update to a version that includes the fix for this issue, as the current versions are potentially vulnerable to CVS Injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1236

Related Identifiers

CVE-2020-4759

Affected Products

Filenet Content Manager

PT-2020-18229 · Ibm · Filenet Content Manager

CVE-2020-4759

Weakness Enumeration

Related Identifiers

Affected Products

References · 5