| Vulnerability Name: | CVE-2010-2896 (CCN-60481) | ||||||||
| Assigned: | 2010-07-19 | ||||||||
| Published: | 2010-07-19 | ||||||||
| Updated: | 2010-07-29 | ||||||||
| Summary: | IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors. Per: http://www-01.ibm.com/support/docview.wss?uid=swg21441225 'Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/' | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-2896 Source: CCN Type: SA40614 IBM FileNet Content Manager InheritParentPermissions Security Issue Source: SECUNIA Type: Vendor Advisory 40614 Source: CCN Type: IBM Support and Downloads Potential issue with security inheritance on folders after migrating a FileNet Content Manager system from 3.x to 4.x. Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21441225 Source: CCN Type: OSVDB ID: 66448 IBM FileNet Content Manager InheritParentPermissions Security Inheritance Weakness Source: VUPEN Type: Vendor Advisory ADV-2010-1847 Source: XF Type: UNKNOWN filenet-inheritparentpermissions-sec-bypass(60481) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||