Filenet P8 Application Engine@3.5.1 Security Vulnerabilities and Issues — Filenet P8 Application Engine@3.5.1 CVE List

Lucene search

IbmFilenet P8 Application Engine3.5.1

8 matches found

CVE•added 2010/09/20 10:0 p.m.•46 views

CVE-2008-7261

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.

2.1CVSS5.7AI score0.00051EPSS

CVE•added 2010/09/20 10:0 p.m.•38 views

CVE-2009-4999

Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.

4.3CVSS5.7AI score0.00202EPSS

CVE•added 2010/09/20 10:0 p.m.•35 views

CVE-2010-3472

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00321EPSS

CVE•added 2010/09/20 10:0 p.m.•33 views

CVE-2010-3473

Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8CVSS6.7AI score0.00321EPSS

CVE•added 2010/09/20 10:0 p.m.•32 views

CVE-2006-7241

The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

4CVSS6.2AI score0.00092EPSS

CVE•added 2010/09/20 10:0 p.m.•32 views

CVE-2009-4998

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypa...

2.6CVSS6.7AI score0.0016EPSS

CVE•added 2010/09/20 10:0 p.m.•32 views

CVE-2010-3470

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.0049EPSS

CVE•added 2010/09/20 10:0 p.m.•28 views

CVE-2006-7242

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

4CVSS6.1AI score0.00121EPSS