Vulnerability Description
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Filenet P8 Content Engine | 4.0.1 |
| Ibm | Filenet P8 Business Process Manager | All versions |
| Ibm | Filenet P8 Content Manager | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/43347Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21462438
- http://www.securityfocus.com/bid/46432
- http://www.vupen.com/english/advisories/2011/0423Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65448
- http://secunia.com/advisories/43347Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21462438
- http://www.securityfocus.com/bid/46432
- http://www.vupen.com/english/advisories/2011/0423Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65448
FAQ
What is CVE-2011-1046?
CVE-2011-1046 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access rol...
How severe is CVE-2011-1046?
CVE-2011-1046 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1046?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Filenet P8 Content Engine, Ibm Filenet P8 Business Process Manager, Ibm Filenet P8 Content Manager.