CVE-2010-2896
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
IBM FileNet Content Manager (CM) v4.0.0, v4.0.1, v4.5.0 y v4.5.1 anterior a FP4 no maneja adecuadamente la configuraciĆ³n de InheritParentPermissions durante la actualizaciĆ³n de 3.x, esto puede permitir a los atacantes evitar los permisos de carpeta pretendidos mediante vectores desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-07-28 CVE Reserved
- 2010-07-28 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/40614 | 2010-07-29 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21441225 | 2010-07-29 | |
| http://www.vupen.com/english/advisories/2010/1847 | 2010-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Filenet Content Manager Search vendor "Ibm" for product "Filenet Content Manager" | 4.0.0 Search vendor "Ibm" for product "Filenet Content Manager" and version "4.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Filenet Content Manager Search vendor "Ibm" for product "Filenet Content Manager" | 4.0.1 Search vendor "Ibm" for product "Filenet Content Manager" and version "4.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Filenet Content Manager Search vendor "Ibm" for product "Filenet Content Manager" | 4.5.0 Search vendor "Ibm" for product "Filenet Content Manager" and version "4.5.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Filenet Content Manager Search vendor "Ibm" for product "Filenet Content Manager" | 4.5.1 Search vendor "Ibm" for product "Filenet Content Manager" and version "4.5.1" | - |
Affected
| ||||||