Vulnerability Description
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Filenet P8 Application Engine | 3.5.1 |
Related Weaknesses (CWE)
References
- http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm
- http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm
FAQ
What is CVE-2006-7242?
CVE-2006-7242 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which ...
How severe is CVE-2006-7242?
CVE-2006-7242 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7242?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Filenet P8 Application Engine.