Unauthorized Access in IBM FileNet P8 Content Engine Affecting Multiple Versions
CVE-2011-1046

Currently unrated

Key Information:

Vendor: IBM
Status: Filenet P8 Content Engine; Filenet P8 Business Process Manager; Filenet P8 Content Manager
Vendor: CVE Published:; 21 February 2011

Summary

The IBM FileNet P8 Content Engine, specifically versions 4.0.1 through 5.0.0, lacks the necessary requirement for the PRIVILEGED_WRITE access role on certain Object Store modifications. This oversight enables remote attackers to alter privileged properties of objects using unspecified methods, potentially compromising the integrity and confidentiality of stored content.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65448

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21462438

x_refsource_CONFIRM

http://www.securityfocus.com/bid/46432

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 21, 2011
Vulnerability Reserved
Feb 21, 2011