CVE Vulnerabilities

CVE-2009-1953

Published: Jun 08, 2009 | Modified: Jan 29, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Filenet_content_manager Ibm 4.5 4.5
Filenet_content_manager Ibm 4.0.1 4.0.1
Filenet_content_manager Ibm 4.0 4.0

References