Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): filenet
- Search Type: Search All
- CPE Name Search: false
- CPE Vendor: cpe:/:ibm
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-35905 |
IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. Published: October 03, 2023; 9:15:50 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-38965 |
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346. Published: January 17, 2022; 1:15:07 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2020-4757 |
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. Published: December 21, 2020; 1:15:15 PM -0500 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-4759 |
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736. Published: November 09, 2020; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2020-4447 |
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227. Published: July 23, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-4572 |
IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. Published: October 14, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2018-1844 |
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. Published: October 12, 2018; 7:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2018-1556 |
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893. Published: July 06, 2018; 10:29:01 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1555 |
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892. Published: July 06, 2018; 10:29:01 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1542 |
IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597. Published: July 06, 2018; 10:29:01 AM -0400 |
V4.0:(not available) V3.0: 7.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2016-8921 |
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Published: February 01, 2017; 3:59:02 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-3055 |
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: December 01, 2016; 6:59:09 AM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2016-3047 |
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: December 01, 2016; 6:59:08 AM -0500 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-5981 |
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: November 24, 2016; 10:59:12 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-5878 |
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: August 07, 2016; 9:59:18 PM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3054 |
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. Published: August 07, 2016; 9:59:13 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2015-1888 |
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: October 03, 2015; 6:59:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-0146 |
IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query. Published: March 18, 2015; 6:59:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-4763 |
Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: September 15, 2014; 10:55:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-6746 |
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 22, 2014; 12:22:15 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |