======================================================================

                        CERT-Renater

              Information Note No. 2010/VULN244
______________________________________________________________________

DATE                 : 01/07/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running IBM FileNet P8 Content Manager,
                       IBM FileNet P8 Business Process Manager.

======================================================================
http://www-01.ibm.com/support/docview.wss?uid=swg21438487
______________________________________________________________________

A security vulnerability with the IBM FileNet P8 Content Engine and
Content Search Engine has been identified and addressed

Flash (Alert)

Abstract

A security vulnerability with the IBM FileNet P8 Content Engine and
Content Search Engine has been discovered. An attacker who successfully
exploited this vulnerability could gain the same user rights as the
user credentials used to install and configure the CSE or the user
credentials used to bootstrap the CE. Environments that have followed
the documented best practices guidelines and where account privileges
are closely managed could experience less impact than environments
where user accounts are given administrative or unnecessarily broad
permissions.

Content

This vulnerability affects the following IBM FileNet P8 Content Manager
(CM) and IBM FileNet P8 Business Process Manager (BPM) product
components:

    P8CE 4.5.1 at the GA base level, Fix Pack 1 level or Fix Pack 2 level
    P8CSE 4.5.1 at the GA base level
    P8CSE 4.5.0 at the GA base level or Fix Pack 2 level
    P8CSE 4.0.1 at the 4.5.0 Fix Pack 2 level

P8CE 4.5.1 Fix Pack 3 and P8CSE 4.5.1 Fix Pack 1 address the
vulnerability and are mandatory updates for all IBM FileNet CM 4.5.1
and IBM FileNet BPM 4.5.1 environments.

P8CSE 4.5.0 Fix Pack 3 addresses the vulnerability and is a mandatory
update for all IBM FileNet CM 4.5.0, IBM FileNet BPM 4.5.0, IBM FileNet
CM 4.0.x and IBM FileNet BPM 4.0.x environments that have IBM FileNet
P8 Content Search Engine installed and configured.

The Fix Packs are available on Fix Central starting June 28, 2010.
Please follow the standard procedure to download the mandatory Fix
Packs required for your environment. Fix Central can be found at:

    http://www-933.ibm.com/support/fixcentral/

For additional support questions, please contact the IBM Response
Center at 1-800-IBM-SERV.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================