VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2896
filenet_content_manager: IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5....
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2896

Original

IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-07-28
Source Information Category:
Advisory, Alert
Last Updated:
2010-07-29




Affected Product Tags
cpe:/a:ibm:filenet_content_manager:4.0.0
cpe:/a:ibm:filenet_content_manager:4.0.1
cpe:/a:ibm:filenet_content_manager:4.5.0
cpe:/a:ibm:filenet_content_manager:4.5.1
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21441225




SECUNIA 40614




VUPEN ADV-2010-1847




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.