Unauthenticated Privileged Property Modification in IBM FileNet P8 Content Engine

Unauthenticated Privileged Property Modification in IBM FileNet P8 Content Engine

CVE-2011-1046 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.