Lucene search

K
IbmFilenet Content Manager

21 matches found

CVE
CVE
added 2024/03/01 3:15 a.m.84 views

CVE-2023-38366

IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 261115.

5.3CVSS5.2AI score0.00054EPSS
CVE
CVE
added 2024/03/01 3:15 a.m.76 views

CVE-2023-47716

IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.

6.3CVSS6.3AI score0.0001EPSS
CVE
CVE
added 2023/10/04 1:15 a.m.68 views

CVE-2023-35905

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

5.4CVSS4.8AI score0.00135EPSS
CVE
CVE
added 2022/01/17 6:15 p.m.52 views

CVE-2021-38965

IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.

9CVSS8.6AI score0.02314EPSS
CVE
CVE
added 2019/10/14 2:15 p.m.48 views

CVE-2019-4572

IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.

4.4CVSS4.4AI score0.00095EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.43 views

CVE-2009-1953

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to ob...

4.6CVSS6.2AI score0.00554EPSS
CVE
CVE
added 2020/11/09 9:15 p.m.42 views

CVE-2020-4759

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736.

9.3CVSS7.8AI score0.00421EPSS
CVE
CVE
added 2018/10/12 12:0 p.m.41 views

CVE-2018-1844

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.

7.1CVSS6.8AI score0.00351EPSS
CVE
CVE
added 2014/09/15 2:55 p.m.40 views

CVE-2014-4763

Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00208EPSS
CVE
CVE
added 2018/07/06 2:29 p.m.40 views

CVE-2018-1556

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893...

5.4CVSS5.4AI score0.00216EPSS
CVE
CVE
added 2018/07/06 2:29 p.m.39 views

CVE-2018-1542

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expos...

7.1CVSS6.8AI score0.0048EPSS
CVE
CVE
added 2020/07/23 4:15 p.m.38 views

CVE-2020-4447

IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227...

5.4CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2010/09/13 9:0 p.m.35 views

CVE-2010-3318

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

5CVSS6.1AI score0.00275EPSS
CVE
CVE
added 2010/09/13 9:0 p.m.35 views

CVE-2010-3320

Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.8CVSS6.7AI score0.0054EPSS
CVE
CVE
added 2018/07/06 2:29 p.m.35 views

CVE-2018-1555

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892...

5.4CVSS5.4AI score0.00216EPSS
CVE
CVE
added 2010/07/28 8:0 p.m.34 views

CVE-2010-2896

IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.

4.3CVSS6.5AI score0.00195EPSS
CVE
CVE
added 2010/09/13 9:0 p.m.34 views

CVE-2010-3319

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.

5CVSS6.1AI score0.00225EPSS
CVE
CVE
added 2010/09/13 9:0 p.m.33 views

CVE-2010-3317

Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00289EPSS
CVE
CVE
added 2013/12/04 6:24 p.m.32 views

CVE-2013-5449

Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00266EPSS
CVE
CVE
added 2018/05/01 2:29 p.m.31 views

CVE-2018-1502

IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

5.4CVSS5.2AI score0.00237EPSS
CVE
CVE
added 2014/01/22 5:22 a.m.29 views

CVE-2013-6746

Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary w...

4.3CVSS5.7AI score0.00256EPSS