CVE-2021-38965

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
2.3%
top 15.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Filenet Content Manager
Timeline
PublishedJan 17
Latest updateJan 18

Description

IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/filenet_content_manager5.5.4, 5.5.6, 5.5.7+2
NVDibm/filenet_content_manager5.5.4, 5.5.6, 5.5.7+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-h477-p4j9-h8jp: IBM FileNet Content Manager 52022-01-18
CVEList
CVE-2021-38965: IBM FileNet Content Manager 52022-01-17
CVE-2021-38965 (HIGH CVSS 8.8) | IBM FileNet Content Manager 5.5.4 | cvebase.io