Lumension® Endpoint Intelligence Center



Vulnerability Score 4.6
CVE Id CVE-2009-1953
Last Modified 29 Jan 2013 12:00:00
Published 07 Jun 2009 09:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE



IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Vulnerable Systems


  • IBM FileNet Content Manager 4.0
  • IBM FileNet Content Manager 4.0.1
  • IBM FileNet Content Manager 4.5
  • IBM WebSphere Application Server
  • Oracle WebLogic Application Server


VUPEN - ADV-2009-1512

BID - 35228


SECUNIA - 35347

Last Updated: 27 May 2016 10:50:44