CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4763
https://notcve.org/view.php?id=CVE-2014-4763
15 Sep 2014 — Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Content Navigator en Content Engine en IBM FileNet Content Manager 5.2.x anterior a 5.2.0.3-P8CPE-IF003 y Content Foundation 5.2.x anterior a 5.2.0.3-P8CPE-IF003 permite a usuarios remotos autent... • http://secunia.com/advisories/61127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6746
https://notcve.org/view.php?id=CVE-2013-6746
22 Jan 2014 — Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en FileNet P8 Platform Documentation Installable Info Center 4.5.1 hasta la versión 5.2.0 en IBM FileNet Business Process Manager 4.5.1 hasta 5.1.0,... • http://secunia.com/advisories/56500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-5449
https://notcve.org/view.php?id=CVE-2013-5449
04 Dec 2013 — Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en workinSet.jsp en IBM Eclipse Help System (IEHS), como es utilizado en el componente instalable InfoCenter en IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0 y 5.2.0, permi... • http://www-01.ibm.com/support/docview.wss?uid=swg21657493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1045
https://notcve.org/view.php?id=CVE-2011-1045
21 Feb 2011 — Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. Vulnerabilidad no especificada en Rendition Engine (también conocido como P8RE) v4.0.1 hasta v4.5.1 de IBM FileNet P8 Content Manager (CM) permite a atacantes remotos obtener privilegios a través de vectores desconocidos. • http://secunia.com/advisories/43321 •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1046
https://notcve.org/view.php?id=CVE-2011-1046
21 Feb 2011 — IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors. IBM FileNet P8 Content Engine (tambien conocida como P8CE)v4.0.1 hasta v5.0.0, usada en FileNet P8 Content Manager (CM) yFileNet P8 Business Process Manager (BPM),no... • http://secunia.com/advisories/43347 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3317
https://notcve.org/view.php?id=CVE-2010-3317
13 Sep 2010 — Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Records Manager (RM) v4.5.x antes v4.5.1.1-IER-FP001 permite a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores no especificados. • http://secunia.com/advisories/41344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3318
https://notcve.org/view.php?id=CVE-2010-3318
13 Sep 2010 — IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 transmite las contraseñas en texto claro, lo que permite a atacantes remotos obtener información sensible escuchando el tráfico de la red. • http://secunia.com/advisories/41344 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3319
https://notcve.org/view.php?id=CVE-2010-3319
13 Sep 2010 — IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 coloca un token de sesión en la URI, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de un archivo de log "Referer". • http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 • CWE-255: Credentials Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3320
https://notcve.org/view.php?id=CVE-2010-3320
13 Sep 2010 — Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/41344 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-2896
https://notcve.org/view.php?id=CVE-2010-2896
28 Jul 2010 — IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors. IBM FileNet Content Manager (CM) v4.0.0, v4.0.1, v4.5.0 y v4.5.1 anterior a FP4 no maneja adecuadamente la configuración de InheritParentPermissions durante la actualización de 3.x, esto puede permitir a los atacantes evitar los permisos de carpeta pretend... • http://secunia.com/advisories/40614 • CWE-264: Permissions, Privileges, and Access Controls •