VYPR
Unrated severityNVD Advisory· Published Sep 20, 2010· Updated Jun 16, 2026

CVE-2009-5001

CVE-2009-5001

Description

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.

Affected products

3
  • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:filenet_p8_application_engine:4.0.2:001:*:*:*:*:*:*
    • (no CPE)range: <4.0.2.2-P8AE-FP002

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.