Total
12 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-5000 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages. | |||||
CVE-2009-4999 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. | |||||
CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 6.4 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | |||||
CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2009-4998 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 2.6 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2008-7261 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 2.1 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. | |||||
CVE-2010-3470 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-5001 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.0 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||
CVE-2006-7241 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.0 MEDIUM | N/A |
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | |||||
CVE-2010-3472 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 4.0 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |