Vulnerabilities > IBM > Filenet Content Manager > 4.5.0

DATE CVE VULNERABILITY TITLE RISK
2014-01-22 CVE-2013-6746 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2010-09-13 CVE-2010-3320 Improper Input Validation vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1
Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-20
6.8
6.8
2010-09-13 CVE-2010-3319 Credentials Management vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
network
low complexity
ibm CWE-255
5.0
5.0
2010-09-13 CVE-2010-3318 Credentials Management vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-255
5.0
5.0
2010-09-13 CVE-2010-3317 Cross-Site Scripting vulnerability in IBM Filenet Content Manager 4.5.0/4.5.1
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2010-07-28 CVE-2010-2896 Permissions, Privileges, and Access Controls vulnerability in IBM Filenet Content Manager
IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
network
ibm CWE-264
4.3
4.3