Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability

Description Apache Struts is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Apache Struts 1.0 through...

CVE-2015-1888

CVE-2015-1888 describes an XSS vulnerability in IBM Content Navigator (affected version(s) 2.0.3 and 2.0.2 prior to FPs) used with IBM Content Manager, FileNet Content Manager, Content Foundation, and Content Manager OnDemand. The root cause is improper validation of user-supplied input, which al...

CVE-2014-4763

CVE-2014-4763 is an XSS in IBM FileNet Content Navigator/Content Engine and IBM Content Foundation 5.2.x, exploitable by remote authenticated users via a crafted URL. Affected products: FileNet Content Manager 5.2.x and Content Foundation 5.2.x (before 5.2.0.3-P8CPE-IF003). Root cause: improper v...

CVE-2013-6746

Cross-site scripting XSS vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...

Cross site scripting

Cross-site scripting XSS vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...

CVE-2013-6746

CVE-2013-6746 is an XSS vulnerability in IBM FileNet P8 Platform Documentation Installable Info Center shipped with IBM FileNet BPM, Content Manager, and Case Foundation. Affected components/versions include FileNet P8 Platform Documentation Installable Info Center 4.5.1–5.2.0, with IBM BPM 4.5.1...

CVE-2013-5449

Cross-site scripting XSS vulnerability in workingSet.jsp in IBM Eclipse Help System IEHS, as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-5449

CVE-2013-5449 is an XSS vulnerability in the IBM Eclipse Help System (IEHS) used by IBM FileNet Content Manager InfoCenter. The issue affects IEHS in the installable InfoCenter components of multiple IBM FileNet/Content Manager versions and is triggered via crafted URLs to execute script in a use...

CVE-2013-5449

Cross-site scripting XSS vulnerability in workingSet.jsp in IBM Eclipse Help System IEHS, as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Design/Logic Flaw

IBM FileNet Content Manager CM 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors...

Design/Logic Flaw

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server WAS and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...

CVE-2009-1953

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server WAS and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...