Vulnerability Description
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Filenet P8 Application Engine | 4.0.2 |
Related Weaknesses (CWE)
References
- http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm
- http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547
- http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm
- http://www-01.ibm.com/support/docview.wss?uid=swg1PJ35547
FAQ
What is CVE-2009-5001?
CVE-2009-5001 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the def...
How severe is CVE-2009-5001?
CVE-2009-5001 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5001?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Filenet P8 Application Engine.