CVE-2010-3471

Session fixation vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2010-3473

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

CVE-2010-3472

Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-2896

IBM FileNet Content Manager CM 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors...

CVE-2009-5000

Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...

CVE-2008-7261

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...

CVE-2009-5002

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...

CVE-2009-5001

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended...

CVE-2006-7241

The Image Viewer component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances...

CVE-2006-7242

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...

IBM FileNet Content Manager Privilege Permission and Access Control Issues Vulnerability

IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from International Business Machines IBM. The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. IBM FileNet Content...

CVE-2023-38366

IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 261115...

CVE-2023-35905

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

Security Bulletin: IBM FileNet Business Process Manager – XML 4J denial of service attack (CVE-2013-4002)

Abstract The XML4J parser that is shipped with the IBM FileNet Business Process Manager is vulnerable to a denial of service attack, which is triggered by malformed XML data. Content The products that are listed below can be affected by security vulnerabilities reported to the Apache Xerces-J...

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager Content The products listed below might be affected by security vulnerabilities reported by Oracle’s April 2013 Critical Patch Updates: · IBM FileNet Business Proces...

Security Bulletin: IBM FileNet Records Manager/IBM InfoSphere Enterprise Records/IBM Enterprise Records Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager. Content The products that are listed below can be affected by security vulnerabilities as reported by Oracle April 2013 Critical Patch updates: · IBM FileNet Busine...

Security Bulletin: IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor is potentially affected by vulnerabilities in IBM Java SDK/JRE

Abstract Multiple security vulnerabilities exist in the IBM Java SDK/JREs that are shipped with IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor product. Content VULNERABILITY DETAILS: DESCRIPTION: The IBM FileNet System Monitor/IBM Enterprise Content Management System...

Security Bulletin: An Apache Commons Compress vulnerability has been identified with the embedded IBM FileNet P8 Content Platform Engine component in IBM Business Process Manager and IBM Business Automation Workflow

Summary An Apache Commons Compress vulnerability has been identified with the embeded IBM FileNet P8 Content Platform Engine component, specifically with the Administration Console for Content Platform Engine application, in IBM Business Process Manager and IBM Business Automation Workflow...

Security Bulletin: junrar v7.4.0 and prior Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS)

Summary junrar v7.4.0 and prior Denial of Service DoS security vulnerability in IBM FileNet Content Manager Content Search Services CSS. A carefully crafted RAR archive can trigger an infinite loop while parsing the file. This could be used to mount a denial of service attack against services tha...