Lucene search

MitreCVE-2009-4999

HistorySep 20, 2010 - 10:00 p.m.

CVE-2009-4999

2010-09-2022:00:03

CWE-79

mitre

web.nvd.nist.gov

cve-2009-4999

cross-site scripting

xss

ibm filenet

p8ae

workplace component

nvd

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field.

Affected configurations

Nvd

Node

ibmfilenet_p8_application_engineMatch3.5.1

ibmfilenet_p8_application_engineMatch3.5.1001

ibmfilenet_p8_application_engineMatch3.5.1002

ibmfilenet_p8_application_engineMatch3.5.1003

ibmfilenet_p8_application_engineMatch3.5.1004

ibmfilenet_p8_application_engineMatch3.5.1005

ibmfilenet_p8_application_engineMatch3.5.1006

ibmfilenet_p8_application_engineMatch3.5.1007

ibmfilenet_p8_application_engineMatch3.5.1008

ibmfilenet_p8_application_engineMatch3.5.1009

ibmfilenet_p8_application_engineMatch3.5.1010

ibmfilenet_p8_application_engineMatch3.5.1011

ibmfilenet_p8_application_engineMatch3.5.1012

ibmfilenet_p8_application_engineMatch3.5.1013

ibmfilenet_p8_application_engineMatch3.5.1014

ibmfilenet_p8_application_engineMatch3.5.1015

VendorProductVersionCPE
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:*:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:::::::*
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009::::::

Rows per page:

1-10 of 161

References

download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm

www-01.ibm.com/support/docview.wss?uid=swg1PJ34852

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Related for CVE-2009-4999