178 matches found
CVE-2010-3473
Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2009-5000
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
CVE-2010-3470
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-3472
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-3471
Session fixation vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2009-5001
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...
CVE-2008-7261
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...
CVE-2009-4998
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...
CVE-2006-7241
The Image Viewer component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances...
Session fixation
Session fixation vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Open redirect
Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
Design/Logic Flaw
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...
Design/Logic Flaw
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...
Design/Logic Flaw
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...
Design/Logic Flaw
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...
CVE-2009-5002
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...
CVE-2009-5000
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...