178 matches found
CVE-2010-3470
The CVE-2010-3470 entry concerns IBM FileNet P8 Application Engine (P8AE). It documents multiple cross-site scripting (XSS) vulnerabilities in the Workplace (WP) component, affecting P8AE 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007. The issue allows remote attackers to inject arb...
CVE-2006-7242
The vulnerability (CVE-2006-7242) affects IBM FileNet P8 Application Engine (P8AE) — Workplace component (WP) version 3.5.1 prior to 3.5.1-001. Root cause: the AE Administrator role is not guaranteed to be present for Site Preferences modifications. Impact: remote authenticated users can bypass i...
CVE-2009-5000
CVE-2009-5000 refers to multiple cross-site scripting (XSS) vulnerabilities in the Workplace component of IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003. The underlying issue is XSS in .jsp pages triggered via unspecified parameters, enabling remote attackers to inject...
CVE-2010-3470
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-5000
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
CVE-2009-4999
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...
CVE-2009-4999
IBM FileNet P8 Application Engine (P8AE) 3.5.1 is vulnerable to a cross-site scripting (XSS) flaw in the Workplace component (aka WP). The issue allows remote attackers to inject arbitrary web script or HTML via the Name field and affects versions before 3.5.1-016. The vulnerability is documented...
CVE-2006-7242
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...
CVE-2010-3471
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2009-5001
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...
CVE-2009-4998
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...
CVE-2010-3473
The CVE-2010-3473 vulnerability affects IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021, described as an open redirect in the Workplace component that can direct users to arbitrary websites and enable phishing via unspecified vectors. The connected documents reiterate the open-red...
CVE-2010-2896
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors...
CVE-2010-2518
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown...
Information disclosure
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown...
CVE-2010-2518
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), allows remote attackers to gain privileges via unknown...
CVE-2010-2518
The CVE-2010-2518 entry concerns an unspecified privilege escalation vulnerability affecting IBM FileNet P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3, plus 4.5.1 before FP1, used in FileNet P8 Content Manager (CM) and BPM. The vulnerability a...
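IBM FileNet Content Manager Cached Subject Security Bypass Vulnerability
Bugtraq ID: 35228 CNCAN ID: CNCAN-2009060601 IBM FileNet P8 is a content management solution. IBM FileNet Content Manager has a security issue in how it handles cached credentials: a remote attacker can exploit the vulnerability to borrow cached subject credentials and assume the identity of an authenticated user. The issue is triggered only when the CE web service listener is configured to use the Extensible Authentication Framework and that framework is configured to use a SOAP security element other than UsernameToken or BinarySecurityToken. IBM FileNet P8 Platform 4.0.1 IBM FileNet P8...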