===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2010.0581.2
A security vulnerability with the IBM FileNet P8 Content Engine and Content
              Search Engine has been identified and addressed
                                1 July 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM FileNet P8 Content Manager 4.5.0 and 4.5.1
                   IBM FileNet P8 Business Process Manager 4.5.0 and 4.5.1
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Administrator Compromise -- Remote/Unauthenticated
                   Unauthorised Access      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-2518  

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21438487

Revision History:  July  1 2010: Added CVE reference
                   June 29 2010: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

A security vulnerability with the IBM FileNet P8 Content Engine and Content 
Search Engine has been identified and addressed

Flash (Alert)
 
Abstract
A security vulnerability with the IBM FileNet P8 Content Engine (CE) and
Content Search Engine (CSE) has been discovered. An attacker who successfully
exploited this vulnerability could gain the same user rights as the
credentials used to install and configure the CSE or the credentials used to
bootstrap the CE. Environments that follow the documented best-practice
guidelines and closely manage account privileges could experience less impact
than environments where user accounts are given administrative or
unnecessarily broad permissions.
 
Content
This vulnerability affects the following IBM FileNet P8 Content Manager (CM) 
and IBM FileNet P8 Business Process Manager (BPM) product components:
P8CE 4.5.1 at the GA base level, Fix Pack 1 level or Fix Pack 2 level
P8CSE 4.5.1 at the GA base level
P8CSE 4.5.0 at the GA base level or Fix Pack 2 level
P8CSE 4.0.1 at the 4.5.0 Fix Pack 2 level

P8CE 4.5.1 Fix Pack 3 and P8CSE 4.5.1 Fix Pack 1 address the vulnerability and 
are mandatory updates for all IBM FileNet CM 4.5.1 and IBM FileNet BPM 4.5.1 
environments.

P8CSE 4.5.0 Fix Pack 3 addresses the vulnerability and is a mandatory update 
for all IBM FileNet CM 4.5.0, IBM FileNet BPM 4.5.0, IBM FileNet CM 4.0.x and 
IBM FileNet BPM 4.0.x environments that have IBM FileNet P8 Content Search 
Engine installed and configured.

The Fix Packs are available on Fix Central starting June 28, 2010. Please 
follow the standard procedure to download the mandatory Fix Packs required 
for your environment.

Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/

For additional support questions, please contact the IBM Response Center at 
1-800-IBM-SERV.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================