IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2011-02-21 10:00
Updated : 2017-08-16 18:33
NVD link : CVE-2011-1046
Mitre link : CVE-2011-1046
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
ibm
- filenet_p8_content_manager
- filenet_p8_content_engine
- filenet_p8_business_process_manager