cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-38366,https://securityvulnerability.io/vulnerability/CVE-2023-38366,Remote Directory Traversal Vulnerability Affects IBM Filenet Content Manager,"A directory traversal vulnerability exists in the IBM Filenet Content Manager, specifically affecting version 5.5.8.0, 5.5.10.0, and 5.5.11.0. This issue could be exploited by a remote attacker who sends a specially crafted URL containing 'dot dot' sequences (/../) to traverse directories and access sensitive files on the server. Proper input validation mechanisms should be periodically evaluated to prevent unauthorized file access.",IBM,Filenet Content Manager,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-01T02:26:54.534Z,0
CVE-2023-47716,https://securityvulnerability.io/vulnerability/CVE-2023-47716,Unusual Circumstances Could Lead to User Privilege Escalation,"The vulnerability in the IBM Filenet Content Manager allows for a scenario where a user can potentially acquire the privileges of another user, leading to unauthorized access and manipulation of sensitive resources. This issue affects specific versions of the Filenet Content Manager Component, highlighting the importance of ensuring proper security measures are in place to safeguard against such anomalies.",IBM,Filenet Content Manager,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T02:22:48.137Z,0
CVE-2023-35905,https://securityvulnerability.io/vulnerability/CVE-2023-35905,IBM FileNet Content Manager cross-site scripting,"IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384.",IBM,Filenet Content Manager,4.6,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-10-04T01:15:00.000Z,0
CVE-2021-38965,https://securityvulnerability.io/vulnerability/CVE-2021-38965,Remote Command Execution Vulnerability in IBM FileNet Content Manager,"A vulnerability in IBM FileNet Content Manager versions 5.5.4, 5.5.6, and 5.5.7 allows remote authenticated attackers to execute arbitrary commands on the system. This security issue can be exploited by sending specially crafted requests, potentially compromising the integrity and availability of the system. Organizations using affected versions should apply the necessary security patches to mitigate the risk associated with this vulnerability.",IBM,Filenet Content Manager,6.3,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2022-01-17T18:15:00.000Z,0
CVE-2020-4759,https://securityvulnerability.io/vulnerability/CVE-2020-4759,,"IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736.",IBM,Filenet Content Manager,7,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2020-11-09T21:15:00.000Z,0
CVE-2020-4447,https://securityvulnerability.io/vulnerability/CVE-2020-4447,,IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227.,IBM,Filenet Content Manager,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-07-23T16:15:00.000Z,0
CVE-2019-4572,https://securityvulnerability.io/vulnerability/CVE-2019-4572,,"IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.",IBM,Filenet Content Manager,4.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-10-14T14:15:00.000Z,0
CVE-2018-1844,https://securityvulnerability.io/vulnerability/CVE-2018-1844,,IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.,IBM,Filenet Content Manager,7.1,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2018-10-12T11:29:00.000Z,0
CVE-2016-8921,https://securityvulnerability.io/vulnerability/CVE-2016-8921,,"IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.",IBM,Filenet Content Manager,8.8,HIGH,0.0038300000596791506,false,,false,false,false,,,false,false,,2017-02-01T20:00:00.000Z,0
CVE-2014-4763,https://securityvulnerability.io/vulnerability/CVE-2014-4763,,Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,IBM,"Filenet Content Foundation,Filenet Content Manager",,,0.0012799999676644802,false,,false,false,false,,,false,false,,2014-09-15T14:00:00.000Z,0
CVE-2013-6746,https://securityvulnerability.io/vulnerability/CVE-2013-6746,,"Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",IBM,"Filenet P8 Business Process Manager,Filenet Case Foundation,Filenet Content Manager",,,0.0019000000320374966,false,,false,false,false,,,false,false,,2014-01-22T02:00:00.000Z,0
CVE-2013-5449,https://securityvulnerability.io/vulnerability/CVE-2013-5449,,"Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",IBM,Filenet Content Manager,,,0.001769999973475933,false,,false,false,false,,,false,false,,2013-12-04T02:00:00.000Z,0
CVE-2011-1045,https://securityvulnerability.io/vulnerability/CVE-2011-1045,,Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.,IBM,"Filenet P8 Rendition Engine,Filenet P8 Content Manager",,,0.009390000253915787,false,,false,false,false,,,false,false,,2011-02-21T17:00:00.000Z,0
CVE-2011-1046,https://securityvulnerability.io/vulnerability/CVE-2011-1046,,"IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.",IBM,"Filenet P8 Content Engine,Filenet P8 Business Process Manager,Filenet P8 Content Manager",,,0.0066200001165270805,false,,false,false,false,,,false,false,,2011-02-21T17:00:00.000Z,0
CVE-2010-3320,https://securityvulnerability.io/vulnerability/CVE-2010-3320,,Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,IBM,Filenet Content Manager,,,0.005200000014156103,false,,false,false,false,,,false,false,,2010-09-13T21:00:00.000Z,0
CVE-2010-3317,https://securityvulnerability.io/vulnerability/CVE-2010-3317,,Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,IBM,Filenet Content Manager,,,0.002520000096410513,false,,false,false,false,,,false,false,,2010-09-13T21:00:00.000Z,0
CVE-2010-3318,https://securityvulnerability.io/vulnerability/CVE-2010-3318,,"IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.",IBM,Filenet Content Manager,,,0.0029200001154094934,false,,false,false,false,,,false,false,,2010-09-13T21:00:00.000Z,0
CVE-2010-3319,https://securityvulnerability.io/vulnerability/CVE-2010-3319,,"IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.",IBM,Filenet Content Manager,,,0.0026599999982863665,false,,false,false,false,,,false,false,,2010-09-13T21:00:00.000Z,0
CVE-2010-2896,https://securityvulnerability.io/vulnerability/CVE-2010-2896,,"IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.",IBM,Filenet Content Manager,,,0.0016899999463930726,false,,false,false,false,,,false,false,,2010-07-28T20:00:00.000Z,0
CVE-2009-1953,https://securityvulnerability.io/vulnerability/CVE-2009-1953,,"IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.",IBM,Filenet Content Manager,,,0.001820000004954636,false,,false,false,false,,,false,false,,2009-06-08T01:00:00.000Z,0