Roshan Thomas

**Name of the Vulnerable Software and Affected Versions** IBM FileNet Workplace versions 4.0.2 through 4.0.2.14 **Description** The issue allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks. **Recommendations** For IBM FileNet Workplace versions 4.0.2 through 4.0.2.14, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM FileNet Workplace XT versions 1.1.5.2-WPXT-LA011 and earlier IBM FileNet Workplace (Application Engine) versions 4.0.2.14-P8AE-IF001 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This occurs when the RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For IBM FileNet Workplace XT versions 1.1.5.2-WPXT-LA011 and earlier, ensure proper configuration of RegExpSecurityFilter and ScriptSecurityFilter to prevent XSS attacks. For IBM FileNet Workplace (Application Engine) versions 4.0.2.14-P8AE-IF001 and earlier, ensure proper configuration of RegExpSecurityFilter and ScriptSecurityFilter to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** IBM FileNet Workplace version 4.0.2 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. This occurs because the software does not properly validate or sanitize user-inputted data, specifically files uploaded by users. **Recommendations** For IBM FileNet Workplace version 4.0.2, update the software to a version that includes fixes for this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** IBM FileNet Workplace version 4.0.2 before 4.0.2.14 **Description** The issue allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks. **Recommendations** For IBM FileNet Workplace version 4.0.2 before 4.0.2.14, update to version 4.0.2.14 or later to resolve the issue.