CVE-2009-4998

Name of the Vulnerable Software and Affected Versions IBM FileNet P8 Application Engine (P8AE) versions 3.5.1 through 3.5.1-018 IBM FileNet P8 Application Engine (P8AE) versions 4.0.2.x through 4.0.2.6-P8AE-FP006

Description The issue concerns the Workplace component in IBM FileNet P8 Application Engine, where a security policy is not applied to the first document added during a session in certain FileTracker configurations. This might allow remote attackers to bypass intended access restrictions.

Recommendations For versions 3.5.1 through 3.5.1-018, update to version 3.5.1-019 or later. For versions 4.0.2.x through 4.0.2.6-P8AE-FP006, update to version 4.0.2.7-P8AE-FP007 or later.