PT-2015-4504 · Ibm · Ibm Content Collector For Email+2
Published
2015-03-18
·
Updated
2015-03-18
·
CVE-2015-0146
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Content Collector for Email versions 3.0 through 3.0.0.6-IBM-ICC-Server-IF001
IBM Content Collector for Email versions 4.0 through 4.0.0.3-IBM-ICC-Server-IF001
Description
The issue allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query, due to improper handling of an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services.
Recommendations
For IBM Content Collector for Email versions 3.0 through 3.0.0.6-IBM-ICC-Server-IF001, update to version 3.0.0.6-IBM-ICC-Server-IF001 or later.
For IBM Content Collector for Email versions 4.0 through 4.0.0.3-IBM-ICC-Server-IF001, update to version 4.0.0.3-IBM-ICC-Server-IF001 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Content Collector For Email
Ibm Content Search Services
Ibm Filenet P8