CVE-2010-2896
https://notcve.org/view.php?id=CVE-2010-2896
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors. IBM FileNet Content Manager (CM) v4.0.0, v4.0.1, v4.5.0 y v4.5.1 anterior a FP4 no maneja adecuadamente la configuración de InheritParentPermissions durante la actualización de 3.x, esto puede permitir a los atacantes evitar los permisos de carpeta pretendidos mediante vectores desconocidos. • http://secunia.com/advisories/40614 http://www-01.ibm.com/support/docview.wss?uid=swg21441225 http://www.vupen.com/english/advisories/2010/1847 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-1953
https://notcve.org/view.php?id=CVE-2009-1953
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors. IBM FileNet Content Manager v4.0, v4.0.1, y 4.5, usado en IBM WebSphere Application Server (WAS) y Oracle BEA WebLogic Application Server, cuando el "listener" (aplicación a la escucha)CE Web Services tiene una configuración WSEAF determinada, no restringe adecuadamente el uso de un "Subject" cacheado, lo que permite a atacantes remotos obtener acceso con credenciales de usuarios autenticados recientemente, a través de vectores no especificados. • http://secunia.com/advisories/35347 http://www-01.ibm.com/support/docview.wss?uid=swg21389281 http://www.securityfocus.com/bid/35228 http://www.vupen.com/english/advisories/2009/1512 • CWE-264: Permissions, Privileges, and Access Controls •