VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 20, 2010· Updated Apr 29, 2026

CVE-2009-4998

CVE-2009-4998

Description

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

Affected products

27
  • IBM/Filenet P8 Application Engine27 versions
    cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:010:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:011:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:012:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:013:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:014:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:015:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:016:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:017:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:018:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:019:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:001:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:002:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:003:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:004:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:005:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:006:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.