4.3
CVE-2010-3471
- EPSS 1.12%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:22:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Filenet P8 Application Engine Version4.0.2
Ibm ≫ Filenet P8 Application Engine Version4.0.2 Update001
Ibm ≫ Filenet P8 Application Engine Version4.0.2 Update002
Ibm ≫ Filenet P8 Application Engine Version4.0.2 Update003
Ibm ≫ Filenet P8 Application Engine Version4.0.2 Update004
Ibm ≫ Filenet P8 Application Engine Version4.0.2 Update005
Ibm ≫ Filenet P8 Application Engine Version4.0.2 Update006
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.12% | 0.619 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm
http://secunia.com/advisories/41460
http://www.securityfocus.com/bid/43271
http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37346