CVE-2010-3473
- EPSS 1.1%
- Veröffentlicht 20.09.2010 22:00:04
- Zuletzt bearbeitet 16.06.2026 23:22:50
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2009-4999
- EPSS 0.85%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:14:48
Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.
CVE-2009-5000
- EPSS 0.85%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:14:48
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parame...
- EPSS 1.03%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:14:48
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might al...
CVE-2009-5002
- EPSS 1.04%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:14:48
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection.
CVE-2010-3470
- EPSS 1.29%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:22:50
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or ...
CVE-2010-3471
- EPSS 1.12%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:22:50
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2010-3472
- EPSS 1.09%
- Veröffentlicht 20.09.2010 22:00:03
- Zuletzt bearbeitet 16.06.2026 23:22:50
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 1.06%
- Veröffentlicht 20.09.2010 22:00:02
- Zuletzt bearbeitet 16.06.2026 22:34:38
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intend...
CVE-2008-7261
- EPSS 0.35%
- Veröffentlicht 20.09.2010 22:00:02
- Zuletzt bearbeitet 16.06.2026 23:03:56
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading thi...