Ibm Filenet P8 Application Engine vulnerabilities

12 known vulnerabilities affecting ibm/filenet_p8_application_engine.

Total CVEs

12

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM10LOW2

Vulnerabilities

Page 1 of 1

CVE-2010-3470MEDIUMCVSS 4.3v3.5.1v4.0.22010-09-20

CVE-2010-3470 [MEDIUM] CWE-79 CVE-2010-3470: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileN Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2009-5002MEDIUMCVSS 6.4v4.0.22010-09-20

CVE-2009-5002 [MEDIUM] CWE-264 CVE-2009-5002: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1- The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection.

CVE-2010-3473MEDIUMCVSS 5.8v3.5.12010-09-20

CVE-2010-3473 [MEDIUM] CWE-20 CVE-2010-3473: Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2010-3472MEDIUMCVSS 4.3v3.5.12010-09-20

CVE-2010-3472 [MEDIUM] CWE-79 CVE-2010-3472: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileN Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2009-4999MEDIUMCVSS 4.3v3.5.12010-09-20

CVE-2009-4999 [MEDIUM] CWE-79 CVE-2009-4999: Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Appli Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.

CVE-2009-5001MEDIUMCVSS 4.0v4.0.22010-09-20

CVE-2009-5001 [MEDIUM] CWE-264 CVE-2009-5001: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2- The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

CVE-2009-5000MEDIUMCVSS 4.3v4.0.22010-09-20

CVE-2009-5000 [MEDIUM] CWE-79 CVE-2009-5000: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileN Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.

CVE-2006-7242MEDIUMCVSS 4.0v3.5.12010-09-20

CVE-2006-7242 [MEDIUM] CWE-264 CVE-2006-7242: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

CVE-2010-3471MEDIUMCVSS 4.3v4.0.22010-09-20

CVE-2010-3471 [MEDIUM] CWE-287 CVE-2010-3471: Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Eng Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.

CVE-2006-7241MEDIUMCVSS 4.0v3.5.12010-09-20

CVE-2006-7241 [MEDIUM] CWE-264 CVE-2006-7241: The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 remove The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

CVE-2008-7261LOWCVSS 2.1v3.5.12010-09-20

CVE-2008-7261 [LOW] CWE-255 CVE-2008-7261: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.

CVE-2009-4998LOWCVSS 2.6v3.5.1v4.0.22010-09-20

CVE-2009-4998 [LOW] CWE-264 CVE-2009-4998: The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.