Lucene search
K

28 matches found

NVD
NVD
added 2010/09/20 10:0 p.m.21 views

CVE-2010-3473

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

5.8CVSS6.5AI score0.01104EPSS
Exploits0References5
NVD
NVD
added 2010/09/20 10:0 p.m.13 views

CVE-2009-4999

Cross-site scripting XSS vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...

4.3CVSS5.5AI score0.00845EPSS
Exploits0References2
NVD
NVD
added 2010/09/20 10:0 p.m.23 views

CVE-2009-5002

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...

6.4CVSS6.4AI score0.01035EPSS
Exploits0References2
NVD
NVD
added 2010/09/20 10:0 p.m.25 views

CVE-2006-7242

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...

4CVSS6AI score0.01058EPSS
Exploits0References1
NVD
NVD
added 2010/09/20 10:0 p.m.17 views

CVE-2006-7241

The Image Viewer component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances...

4CVSS6AI score0.01058EPSS
Exploits0References1
Prion
Prion
added 2010/09/20 10:0 p.m.17 views

Design/Logic Flaw

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...

6.4CVSS7AI score0.01035EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2010/09/20 10:0 p.m.16 views

Open redirect

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

5.8CVSS6.9AI score0.01104EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2010/09/20 10:0 p.m.21 views

Design/Logic Flaw

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

2.6CVSS7.1AI score0.01099EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2010/09/20 10:0 p.m.20 views

Design/Logic Flaw

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...

2.1CVSS6AI score0.00346EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2010/09/20 10:0 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...

4.3CVSS5.9AI score0.00845EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/09/20 9:0 p.m.43 views

CVE-2010-3473

The CVE-2010-3473 vulnerability affects IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021, described as an open redirect in the Workplace component that can direct users to arbitrary websites and enable phishing via unspecified vectors. The connected documents reiterate the open-red...

5.8CVSS6.7AI score0.01104EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2010/09/20 9:0 p.m.48 views

CVE-2010-3472

IBM FileNet P8 Application Engine (P8AE) 3.5.1 is vulnerable to multiple XSS in the Workplace (WP) component. The vulnerability affects P8AE 3.5.1 before 3.5.1-021 and allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact is cross-site scripting; exploitat...

4.3CVSS5.7AI score0.01086EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2010/09/20 9:0 p.m.44 views

CVE-2006-7241

CVE-2006-7241 affects IBM FileNet P8 Application Engine (P8AE) 3.5.1 prior to 3.5.1-002. The Image Viewer component can remove a user from an ACL when that user is denied all permissions for an annotation, potentially allowing remote authenticated users to bypass intended access restrictions in o...

4CVSS6.2AI score0.01058EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2010/09/20 9:0 p.m.35 views

CVE-2009-5000

Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...

5.7AI score0.00845EPSS
Exploits0References2
CVE
CVE
added 2010/09/20 9:0 p.m.50 views

CVE-2009-4999

IBM FileNet P8 Application Engine (P8AE) 3.5.1 is vulnerable to a cross-site scripting (XSS) flaw in the Workplace component (aka WP). The issue allows remote attackers to inject arbitrary web script or HTML via the Name field and affects versions before 3.5.1-016. The vulnerability is documented...

4.3CVSS5.7AI score0.00845EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2010/09/20 9:0 p.m.24 views

CVE-2010-3473

Open redirect vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

6.5AI score0.01104EPSS
Exploits0References5
CVE
CVE
added 2010/09/20 9:0 p.m.46 views

CVE-2009-5002

The CVE reports a flaw in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x prior to 4.0.2.1-P8AE-FP001 where the Get Content Failure Audit events are not recorded. This could allow remote attackers to attempt content access without detection. Affected component: Workplace (WP) in P8AE. Root cause...

6.4CVSS6.6AI score0.01035EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/09/20 9:0 p.m.45 views

CVE-2009-5000

CVE-2009-5000 refers to multiple cross-site scripting (XSS) vulnerabilities in the Workplace component of IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003. The underlying issue is XSS in .jsp pages triggered via unspecified parameters, enabling remote attackers to inject...

4.3CVSS5.7AI score0.00845EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/09/20 9:0 p.m.42 views

CVE-2006-7242

The vulnerability (CVE-2006-7242) affects IBM FileNet P8 Application Engine (P8AE) — Workplace component (WP) version 3.5.1 prior to 3.5.1-001. Root cause: the AE Administrator role is not guaranteed to be present for Site Preferences modifications. Impact: remote authenticated users can bypass i...

4CVSS6.1AI score0.01058EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2010/09/20 9:0 p.m.44 views

CVE-2010-3470

The CVE-2010-3470 entry concerns IBM FileNet P8 Application Engine (P8AE). It documents multiple cross-site scripting (XSS) vulnerabilities in the Workplace (WP) component, affecting P8AE 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007. The issue allows remote attackers to inject arb...

4.3CVSS5.7AI score0.01292EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder