CVE-2009-5001

CWE-2643 documents3 sources

Severity

4.0MEDIUM

EPSS

0.1%

top 68.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Filenet P8 Application Engine

Timeline

PublishedSep 20

Latest updateMay 2

Description

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/filenet_p8_application_engine4.0.2

🔴Vulnerability Details

GHSA

GHSA-w5qh-2x4h-crww: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4↗2022-05-02

▶

CVEList

CVE-2009-5001: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4↗2010-09-20

▶