Improper Query Operator Handling in IBM Content Collector for Email
CVE-2015-0146

Currently unrated

Key Information:

Vendor: IBM
Status: Content Collector
Vendor: CVE Published:; 18 March 2015

Summary

IBM Content Collector for Email prior to specified versions contains a flaw in the way it handles certain query operators during searches within IBM FileNet P8 systems when using IBM Content Search Services. This vulnerability allows local users to bypass restrictions implemented to protect sensitive documents, potentially exposing confidential information through carefully crafted search queries.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21696594

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 18, 2015
Vulnerability Reserved
Nov 18, 2014