PT-2009-4409 · Ibm · Ibm Filenet Content Manager

Published

2009-06-06

Updated

2013-01-29

CVE-2009-1953

CVSS v2.0

4.6

Medium

Vector

AV:N/AC:H/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: IBM FileNet Content Manager versions 4.0 through 4.5

Description: The issue arises when the CE Web Services listener has a certain WSEAF configuration, allowing remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. This occurs due to the improper restriction of a cached Subject.

Recommendations: For IBM FileNet Content Manager versions 4.0 through 4.5, consider reconfiguring the CE Web Services listener to properly restrict the use of cached Subjects until a patch is available. Restrict access to the affected WSEAF configuration to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-1953

Affected Products

Ibm Filenet Content Manager

PT-2009-4409 · Ibm · Ibm Filenet Content Manager

CVE-2009-1953

Weakness Enumeration

Related Identifiers

Affected Products

References · 5