CVE-2009-5001

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm
http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:::::::*
	cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:001::::::

History

No history.

Information

Published : 2010-09-20 22:00

Updated : 2023-12-10 11:03

NVD link : CVE-2009-5001

Mitre link : CVE-2009-5001

CVE.ORG link : CVE-2009-5001

JSON object : View

Products Affected

ibm

filenet_p8_application_engine

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-5001", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-20T22:00:03.407", "references": [{"url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances."}, {"lang": "es", "value": "El componente Workplace (tambi\u00e9n conocido como WP) en IBM FileNet P8 Application Engine (P8AE) v4.0.2.x anteriores a v4.0.2.2-P8AE-FP002 da control total al creador/propietario del documento de los objetos anotaci\u00f3n, incluso si la instancia de seguridad por defecto ha cambiado, lo que podr\u00eda permitir a usuarios remotos autenticados evitar la restricciones de acceso en circunstancias oportunas."}], "lastModified": "2010-09-21T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE07D556-C02C-498C-AFEF-6A6A99B2B639"}, {"criteria": "cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9AEEBC1-FA35-46E6-BFF2-A86B4D75682A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}