CVE-2010-2896

IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/40614	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21441225	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1847	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:filenet_content_manager:4.0.0:::::::*
	cpe:2.3:a:ibm:filenet_content_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:filenet_content_manager:4.5.0:::::::*
	cpe:2.3:a:ibm:filenet_content_manager:4.5.1:::::::*

History

No history.

Information

Published : 2010-07-28 20:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-2896

Mitre link : CVE-2010-2896

CVE.ORG link : CVE-2010-2896

JSON object : View

Products Affected

ibm

filenet_content_manager

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-2896", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-07-28T20:00:07.870", "references": [{"url": "http://secunia.com/advisories/40614", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21441225", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1847", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors."}, {"lang": "es", "value": "IBM FileNet Content Manager (CM) v4.0.0, v4.0.1, v4.5.0 y v4.5.1 anterior a FP4 no maneja adecuadamente la configuraci\u00f3n de InheritParentPermissions durante la actualizaci\u00f3n de 3.x, esto puede permitir a los atacantes evitar los permisos de carpeta pretendidos mediante vectores desconocidos."}], "lastModified": "2010-07-29T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18A3291E-2746-40BF-B60A-03EEAAC9BAB7"}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EEDD182-2A22-44AB-A325-57C307819C1C"}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F852D8F-AFB9-44C7-878D-8A9D6279ACE6"}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F86DAF-332E-4CF1-9D7D-99A8AD10B155"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21441225\r\n\r\n'Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/'"}