CVE-2009-4998

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:010:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:011:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:012:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:013:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:014:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:015:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:016:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:017:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:018:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:019:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:001:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:002:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:003:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:004:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:005:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:006:*:*:*:*:*:*

History

21 Nov 2024, 01:10

Type Values Removed Values Added
References () http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm - () http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm -
References () http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm - () http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm -
References () http://www-01.ibm.com/support/docview.wss?uid=swg1PJ36552 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg1PJ36552 - Vendor Advisory

Information

Published : 2010-09-20 22:00

Updated : 2024-11-21 01:10


NVD link : CVE-2009-4998

Mitre link : CVE-2009-4998

CVE.ORG link : CVE-2009-4998


JSON object : View

Products Affected

ibm

  • filenet_p8_application_engine
CWE
CWE-264

Permissions, Privileges, and Access Controls