155 matches found
Security Bulletin: Open Source Apache Xalan-Java reported in April X-Force Report in IBM Content Navigator
Summary: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. Vulnerability Details: Apache...
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator
Summary: Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator. Vulnerability Details: CVEID: CVE-2014-0114. DESCRIPTION: Open Source Apache Struts V1 ClassLoader manipulation vulnerability. CVSS Base Score: 7.5. CVSS Temporal Scor...
Security Bulletin: Reflected Cross-Site Scripting Vulnerability in IBM Content Navigator (CVE-2014-0874)
Summary: Reflected Cross-Site Scripting Vulnerability in IBM Content Navigator. Vulnerability Details: CVEID: CVE-2014-0874. DESCRIPTION: Arbitrary characters inserted into request parameters are not properly encoded. Not encoding user-supplied input may expose a web application to cross-site...
Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
Description: Apache Struts is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Apache Struts 1.0 through...
CVE-2015-1888
CVE-2015-1888 describes an XSS vulnerability in IBM Content Navigator (affected version(s) 2.0.3 and 2.0.2 prior to FPs) used with IBM Content Manager, FileNet Content Manager, Content Foundation, and Content Manager OnDemand. The root cause is improper validation of user-supplied input, which al...
CVE-2014-4763
CVE-2014-4763 is an XSS in IBM FileNet Content Navigator/Content Engine and IBM Content Foundation 5.2.x, exploitable by remote authenticated users via a crafted URL. Affected products: FileNet Content Manager 5.2.x and Content Foundation 5.2.x (before 5.2.0.3-P8CPE-IF003). Root cause: improper v...
CVE-2013-6746
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...
Cross site scripting
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...
CVE-2013-6746
CVE-2013-6746 is an XSS vulnerability in IBM FileNet P8 Platform Documentation Installable Info Center shipped with IBM FileNet BPM, Content Manager, and Case Foundation. Affected components/versions include FileNet P8 Platform Documentation Installable Info Center 4.5.1–5.2.0, with IBM BPM 4.5.1...
CVE-2013-5449
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-5449
CVE-2013-5449 is an XSS vulnerability in the IBM Eclipse Help System (IEHS) used by IBM FileNet Content Manager InfoCenter. The issue affects IEHS in the installable InfoCenter components of multiple IBM FileNet/Content Manager versions and is triggered via crafted URLs to execute script in a use...
Design/Logic Flaw
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors...
Design/Logic Flaw
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...
CVE-2009-1953
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...