cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2006-7242,https://securityvulnerability.io/vulnerability/CVE-2006-7242,,"The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.",IBM,Filenet P8 Application Engine,,,0.0011399999493733048,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2008-7261,https://securityvulnerability.io/vulnerability/CVE-2008-7261,,"The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.",IBM,Filenet P8 Application Engine,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2009-4998,https://securityvulnerability.io/vulnerability/CVE-2009-4998,,"The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.",IBM,Filenet P8 Application Engine,,,0.002460000105202198,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2009-4999,https://securityvulnerability.io/vulnerability/CVE-2009-4999,,Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.,IBM,Filenet P8 Application Engine,,,0.0012199999764561653,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2009-5000,https://securityvulnerability.io/vulnerability/CVE-2009-5000,,Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.,IBM,Filenet P8 Application Engine,,,0.0012199999764561653,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2009-5001,https://securityvulnerability.io/vulnerability/CVE-2009-5001,,"The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.2-P8AE-FP002 grants a document's Creator-Owner full control over an annotation object, even if the default instance security has changed, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.",IBM,Filenet P8 Application Engine,,,0.0011399999493733048,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2009-5002,https://securityvulnerability.io/vulnerability/CVE-2009-5002,,"The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection.",IBM,Filenet P8 Application Engine,,,0.0027799999807029963,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2010-3470,https://securityvulnerability.io/vulnerability/CVE-2010-3470,,Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,IBM,Filenet P8 Application Engine,,,0.017510000616312027,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2010-3471,https://securityvulnerability.io/vulnerability/CVE-2010-3471,,Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.,IBM,Filenet P8 Application Engine,,,0.0032599999103695154,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2010-3472,https://securityvulnerability.io/vulnerability/CVE-2010-3472,,Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,IBM,Filenet P8 Application Engine,,,0.0050200000405311584,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2010-3473,https://securityvulnerability.io/vulnerability/CVE-2010-3473,,Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,IBM,Filenet P8 Application Engine,,,0.005090000107884407,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0
CVE-2006-7241,https://securityvulnerability.io/vulnerability/CVE-2006-7241,,"The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.",IBM,Filenet P8 Application Engine,,,0.0011399999493733048,false,,false,false,false,,,false,false,,2010-09-20T22:00:00.000Z,0