CVE-2009-4998

Severity

26%

Complexity

49%

Confidentiality

48%

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).

Overview

Type

IBM P8 FileNet P8 Application Engine (P8AE)

First reported 14 years ago

2010-09-20 22:00:00

Last updated 14 years ago

2010-09-21 04:00:00

Affected Software

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-001 (Fix Pack 001)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-002 (Fix Pack 002)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-003 (Fix Pack 003)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-004 (Fix Pack 004)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-005 (Fix Pack 005)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-006 (Fix Pack 006)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-007 (Fix Pack 007)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-008 (Fix Pack 008)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-009 (Fix Pack 009)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-010 (Fix Pack 010)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-011(Fix Pack 011)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-012 (Fix Pack 012)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-013 (Fix Pack 013)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-014 (Fix Pack 014)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-015 (Fix Pack 015)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-016 (Fix Pack 016)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-017 (Fix Pack 017)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-018 (Fix Pack 018)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 3.5.1-019 (Fix Pack 019)

3.5.1

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2

4.0.2

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2-001 (Fix Pack 001)

4.0.2

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2-002 (Fix Pack 002)

4.0.2

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2-003 (Fix Pack 003)

4.0.2

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2-004 (Fix Pack 004)

4.0.2

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2-005 (Fix Pack 005)

4.0.2

IBM P8 FileNet P8 Application Engine (P8AE) 4.0.2-006 (Fix Pack 006)

4.0.2

References

http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm

http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm

PJ36552

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.