PT-2015-4504 · Ibm · Ibm Content Collector For Email+2
Publicado
2015-03-18
·
Atualizado
2015-03-18
·
CVE-2015-0146
CVSS v2.0
2.1
Baixa
| Vetor | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Content Collector for Email versions 3.0 through 3.0.0.6-IBM-ICC-Server-IF001
IBM Content Collector for Email versions 4.0 through 4.0.0.3-IBM-ICC-Server-IF001
Description
The issue allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query, due to improper handling of an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services.
Recommendations
For IBM Content Collector for Email versions 3.0 through 3.0.0.6-IBM-ICC-Server-IF001, update to version 3.0.0.6-IBM-ICC-Server-IF001 or later.
For IBM Content Collector for Email versions 4.0 through 4.0.0.3-IBM-ICC-Server-IF001, update to version 4.0.0.3-IBM-ICC-Server-IF001 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Content Collector For Email
Ibm Content Search Services
Ibm Filenet P8