) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:012:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2010-3473 |
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: September 20, 2010; 6:00:04 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
| CVE-2010-3472 |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 20, 2010; 6:00:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2010-3470 |
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 20, 2010; 6:00:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2009-4999 |
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field. Published: September 20, 2010; 6:00:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2009-4998 |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. Published: September 20, 2010; 6:00:02 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
| CVE-2008-7261 |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file. Published: September 20, 2010; 6:00:02 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2006-7242 |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Published: September 20, 2010; 6:00:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
| CVE-2006-7241 |
The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. Published: September 20, 2010; 6:00:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |