Vulnerability Details CVE-2009-1953
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v2 Score 4.6
Products affected by CVE-2009-1953
-
cpe:2.3:a:ibm:filenet_content_manager:4.0
-
cpe:2.3:a:ibm:filenet_content_manager:4.0.1
-
cpe:2.3:a:ibm:filenet_content_manager:4.5