28 matches found
CVE-2010-3473
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2009-5002
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...
CVE-2009-4999
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...
CVE-2006-7242
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...
CVE-2006-7241
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances...
Open redirect
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
Design/Logic Flaw
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...
Design/Logic Flaw
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection...
Design/Logic Flaw
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...
CVE-2009-4998
The vulnerability described as CVE-2009-4998 affects the Workplace (WP) component of IBM FileNet P8 Application Engine (P8AE). It applies to versions 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations. The issue is that the component does not app...
CVE-2006-7241
CVE-2006-7241 affects IBM FileNet P8 Application Engine (P8AE) 3.5.1 prior to 3.5.1-002. The Image Viewer component can remove a user from an ACL when that user is denied all permissions for an annotation, potentially allowing remote authenticated users to bypass intended access restrictions in o...
CVE-2009-5000
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
CVE-2006-7242
The vulnerability (CVE-2006-7242) affects IBM FileNet P8 Application Engine (P8AE) — Workplace component (WP) version 3.5.1 prior to 3.5.1-001. Root cause: the AE Administrator role is not guaranteed to be present for Site Preferences modifications. Impact: remote authenticated users can bypass i...
CVE-2010-3470
The CVE-2010-3470 entry concerns IBM FileNet P8 Application Engine (P8AE). It documents multiple cross-site scripting (XSS) vulnerabilities in the Workplace (WP) component, affecting P8AE 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007. The issue allows remote attackers to inject arb...
CVE-2009-5000
CVE-2009-5000 refers to multiple cross-site scripting (XSS) vulnerabilities in the Workplace component of IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003. The underlying issue is XSS in .jsp pages triggered via unspecified parameters, enabling remote attackers to inject...
CVE-2010-3471
CVE-2010-3471 impacts IBM FileNet P8 Application Engine (P8AE) 4.0.2.x, with a vulnerability in the Workplace component that allows session fixation and potential web-session hijacking. The issue is described as affecting all 4.0.2.x prior to 4.0.2.7-P8AE-FP007 and is triggered through unspecifie...
CVE-2008-7261
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...
CVE-2009-5002
The CVE reports a flaw in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x prior to 4.0.2.1-P8AE-FP001 where the Get Content Failure Audit events are not recorded. This could allow remote attackers to attempt content access without detection. Affected component: Workplace (WP) in P8AE. Root cause...