Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Filenet P8 Application Engine  >> 4.0.2  Security Vulnerabilities
CVE-2009-5000
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.
CVSS Score
4.3
EPSS Score
0.002
Published
2010-09-20
CVE-2009-5001
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.
CVSS Score
4.0
EPSS Score
0.001
Published
2010-09-20
CVE-2009-5002
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection.
CVSS Score
6.4
EPSS Score
0.002
Published
2010-09-20
CVE-2010-3470
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2010-09-20
CVE-2010-3471
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2010-09-20
CVE-2009-4998
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVSS Score
2.6
EPSS Score
0.002
Published
2010-09-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved