Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1046

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1046
Last Modified 22 Feb 2011 12:00:00
Published 21 Feb 2011 01:00:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1046

Summary

IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.

Vulnerable Systems

Application

  • Ibm Filenet P8 Business Process Manager

  • Ibm Filenet P8 Content Engine 4.0.1

  • Ibm Filenet P8 Content Engine 4.0.1.10

  • Ibm Filenet P8 Content Engine 4.0.1.11

  • Ibm Filenet P8 Content Engine 4.0.1.12

  • Ibm Filenet P8 Content Engine 4.0.1.13

  • Ibm Filenet P8 Content Engine 4.5.0

  • Ibm Filenet P8 Content Engine 4.5.0.2

  • Ibm Filenet P8 Content Engine 4.5.1.3

  • Ibm Filenet P8 Content Engine 4.5.1.4

  • Ibm Filenet P8 Content Engine 4.5.1.5

  • Ibm Filenet P8 Content Engine 4.5.1.6

  • Ibm Filenet P8 Content Engine 5.0.0

  • Ibm Filenet P8 Content Manager


References

XF - ibm-filenet-contentengine-sec-bypass(65448)

VUPEN - ADV-2011-0423

BID - 46432

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21462438

SECUNIA - 43347


Last Updated: 27 May 2016 10:56:08