CVE-2010-3471

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 53.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Filenet P8 Application Engine

Timeline

PublishedSep 20

Latest updateMay 17

Description

Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/filenet_p8_application_engine4.0.2

🔴Vulnerability Details

GHSA

GHSA-fvx7-8xjx-g78f: Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4↗2022-05-17

▶

CVEList

CVE-2010-3471: Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4↗2010-09-20

▶