CVE-2010-3473

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

CVE-2009-5002

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...

CVE-2009-4999

Cross-site scripting XSS vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...

CVE-2006-7242

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...

CVE-2006-7241

The Image Viewer component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances...

Design/Logic Flaw

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...

Design/Logic Flaw

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...

Open redirect

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

Design/Logic Flaw

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...

CVE-2009-5000

Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...

CVE-2009-4998

The vulnerability described as CVE-2009-4998 affects the Workplace (WP) component of IBM FileNet P8 Application Engine (P8AE) . It applies to versions 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007 , in certain FileTracker configurations. The issue is that the component does not app...

CVE-2006-7241

CVE-2006-7241 affects IBM FileNet P8 Application Engine (P8AE) 3.5.1 prior to 3.5.1-002. The Image Viewer component can remove a user from an ACL when that user is denied all permissions for an annotation, potentially allowing remote authenticated users to bypass intended access restrictions in o...

CVE-2010-3472

IBM FileNet P8 Application Engine (P8AE) 3.5.1 is vulnerable to multiple XSS in the Workplace (WP) component. The vulnerability affects P8AE 3.5.1 before 3.5.1-021 and allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact is cross-site scripting; exploitat...

CVE-2006-7242

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...

CVE-2009-4998

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

CVE-2010-3473

The CVE-2010-3473 vulnerability affects IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021, described as an open redirect in the Workplace component that can direct users to arbitrary websites and enable phishing via unspecified vectors. The connected documents reiterate the open-red...

CVE-2010-3471

CVE-2010-3471 impacts IBM FileNet P8 Application Engine (P8AE) 4.0.2.x, with a vulnerability in the Workplace component that allows session fixation and potential web-session hijacking. The issue is described as affecting all 4.0.2.x prior to 4.0.2.7-P8AE-FP007 and is triggered through unspecifie...

CVE-2006-7242

The vulnerability (CVE-2006-7242) affects IBM FileNet P8 Application Engine (P8AE) — Workplace component (WP) version 3.5.1 prior to 3.5.1-001. Root cause: the AE Administrator role is not guaranteed to be present for Site Preferences modifications. Impact: remote authenticated users can bypass i...

CVE-2010-3473

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...