CVE-2008-4581
Description
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users can bypass document view restrictions in IBM ENOVIA SmarTeam by using the Workflow Process view.
Vulnerability
The Editor in IBM ENOVIA SmarTeam versions before release 18 SP5 and release 19 before SP01 fails to enforce access control restrictions when viewing Document objects through the Workflow Process (Flow Process) view [1]. Affected versions include SmarTeam 5 prior to release 18 SP5 and release 19 prior to SP01.
Exploitation
An authenticated user with permissions that deny the View operation on Released and Obsolete states can bypass this restriction by initiating a workflow process on a Document object, then opening the Workflow Process view, selecting the Document, and opening the Viewer tab [1]. The viewer displays the document content despite the denied permission.
Impact
Successful exploitation allows an attacker to read Document objects that they are not authorized to view, resulting in unauthorized information disclosure [1].
Mitigation
IBM fixed this issue in SmarTeam version 5 release 19 SP01 [1]. Users should upgrade to the fixed version. No workaround is provided in the available references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:ibm:enovia_smarteam:5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:enovia_smarteam:5:*:*:*:*:*:*:*
- (no CPE)range: <18 SP5, <19 SP01
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/32105nvdVendor Advisory
- www-01.ibm.com/support/docview.wssnvdVendor Advisory
- www-1.ibm.com/support/docview.wssnvdVendor Advisory
- www.securityfocus.com/bid/31748nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45943nvd
News mentions
0No linked articles in our index yet.