Vulnerability Description
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Filenet Content Manager | 4.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40614Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21441225Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1847Vendor Advisory
- http://secunia.com/advisories/40614Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21441225Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1847Vendor Advisory
FAQ
What is CVE-2010-2896?
CVE-2010-2896 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypa...
How severe is CVE-2010-2896?
CVE-2010-2896 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2896?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Filenet Content Manager.