CVE-2006-7242

CWE-2643 documents3 sources
Severity
4.0MEDIUM
EPSS
0.1%
top 68.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Filenet P8 Application Engine
Timeline
PublishedSep 20
Latest updateMay 1

Description

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6wxr-2g36-cwq2: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 32022-05-01
CVEList
CVE-2006-7242: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 32010-09-20
CVE-2006-7242 (MEDIUM CVSS 4) | The Workplace (aka WP) component in | cvebase.io