IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote malicious users to obtain access with the credentials of a recently authenticated user via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm filenet content manager 4.0.1 |
||
ibm filenet content manager 4.5 |
||
ibm filenet content manager 4.0 |