Unauthenticated Privileged Property Modification in IBM FileNet P8 Content Engine
CVE-2011-1046 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
Learn more about our Web Application Penetration Testing UK.