PT-2010-4384 · Ibm · Ibm Filenet Content Manager

Published

2010-07-28

Updated

2010-07-29

CVE-2010-2896

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM FileNet Content Manager (CM) versions 4.0.0 through 4.0.1 IBM FileNet Content Manager (CM) versions 4.5.0 through 4.5.1 before FP4

Description The issue arises from improper management of the InheritParentPermissions setting during an upgrade from version 3.x. This might allow attackers to bypass intended folder permissions.

Recommendations For versions 4.0.0 through 4.0.1, update to a version that properly manages the InheritParentPermissions setting. For versions 4.5.0 through 4.5.1, apply FP4 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-2896

Affected Products

Ibm Filenet Content Manager

PT-2010-4384 · Ibm · Ibm Filenet Content Manager

CVE-2010-2896

Weakness Enumeration

Related Identifiers

Affected Products

References · 4