The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 prior to 3.5.1-019 and 4.0.2.x prior to 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote malicious users to bypass intended access restrictions via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm filenet p8 application engine 3.5.1 |
||
ibm filenet p8 application engine 4.0.2 |