The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547 - |
Information
Published : 2010-09-20 22:00
Updated : 2024-11-21 01:10
NVD link : CVE-2009-5001
Mitre link : CVE-2009-5001
CVE.ORG link : CVE-2009-5001
JSON object : View
Products Affected
ibm
- filenet_p8_application_engine
CWE
CWE-264
Permissions, Privileges, and Access Controls