CVE-2013-6746
https://notcve.org/view.php?id=CVE-2013-6746
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en FileNet P8 Platform Documentation Installable Info Center 4.5.1 hasta la versión 5.2.0 en IBM FileNet Business Process Manager 4.5.1 hasta 5.1.0, FileNet Content Manager 4.5.1 hasta la versión 5.2.0, y Case Foundation 5.2.0 permite a atacantes remotos inyectar script Web arbitrario o HTML a través de vectores no especificados. • http://secunia.com/advisories/56500 http://www.ibm.com/support/docview.wss?uid=swg21662360 http://www.securityfocus.com/bid/65045 https://exchange.xforce.ibmcloud.com/vulnerabilities/89862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5449
https://notcve.org/view.php?id=CVE-2013-5449
Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en workinSet.jsp en IBM Eclipse Help System (IEHS), como es utilizado en el componente instalable InfoCenter en IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0 y 5.2.0, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21657493 http://www.securityfocus.com/bid/64058 https://exchange.xforce.ibmcloud.com/vulnerabilities/88056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1046
https://notcve.org/view.php?id=CVE-2011-1046
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors. IBM FileNet P8 Content Engine (tambien conocida como P8CE)v4.0.1 hasta v5.0.0, usada en FileNet P8 Content Manager (CM) yFileNet P8 Business Process Manager (BPM),no requiere el rol de acceso PRIVILEGED_WRITE destinados a modificaciones de objetos de la tienda, que permite a atacantes remotos a cambiar una propiedad privilegiada de un objeto a través de vectores no especificados • http://secunia.com/advisories/43347 http://www-01.ibm.com/support/docview.wss?uid=swg21462438 http://www.securityfocus.com/bid/46432 http://www.vupen.com/english/advisories/2011/0423 https://exchange.xforce.ibmcloud.com/vulnerabilities/65448 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-1045
https://notcve.org/view.php?id=CVE-2011-1045
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. Vulnerabilidad no especificada en Rendition Engine (también conocido como P8RE) v4.0.1 hasta v4.5.1 de IBM FileNet P8 Content Manager (CM) permite a atacantes remotos obtener privilegios a través de vectores desconocidos. • http://secunia.com/advisories/43321 http://www-01.ibm.com/support/docview.wss?uid=swg21462440 http://www.securityfocus.com/bid/46424 http://www.vupen.com/english/advisories/2011/0406 https://exchange.xforce.ibmcloud.com/vulnerabilities/65417 •
CVE-2010-3319
https://notcve.org/view.php?id=CVE-2010-3319
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 coloca un token de sesión en la URI, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de un archivo de log "Referer". • http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 http://www.securityfocus.com/bid/43136 • CWE-255: Credentials Management Errors •