The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 prior to 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm filenet p8 application engine 3.5.1 |