- Description
- IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
- Comment
- -
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18A3291E-2746-40BF-B60A-03EEAAC9BAB7"
},
{
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EEDD182-2A22-44AB-A325-57C307819C1C"
},
{
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F852D8F-AFB9-44C7-878D-8A9D6279ACE6"
},
{
"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05F86DAF-332E-4CF1-9D7D-99A8AD10B155"
}
],
"operator": "OR"
}
]
}
]