CVE-2009-5001

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:001:*:*:*:*:*:*

History

21 Nov 2024, 01:10

Type Values Removed Values Added
References () http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm - () http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm -
References () http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547 - () http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547 -

Information

Published : 2010-09-20 22:00

Updated : 2024-11-21 01:10


NVD link : CVE-2009-5001

Mitre link : CVE-2009-5001

CVE.ORG link : CVE-2009-5001


JSON object : View

Products Affected

ibm

  • filenet_p8_application_engine
CWE
CWE-264

Permissions, Privileges, and Access Controls