What is the severity of CVE-2009-4998?

CVE-2009-4998 is rated as a high severity vulnerability due to the potential for unauthorized access to documents.

How do I fix CVE-2009-4998?

To fix CVE-2009-4998, upgrade IBM FileNet P8 Application Engine to versions 3.5.1-019 or 4.0.2.7-P8AE-FP007 or later.

Which versions are affected by CVE-2009-4998?

CVE-2009-4998 affects IBM FileNet P8 Application Engine versions 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007.

What type of attack is possible with CVE-2009-4998?

CVE-2009-4998 may allow remote attackers to bypass security policies for documents added during the first session.

Is there a workaround for CVE-2009-4998?

There are no official workarounds for CVE-2009-4998, upgrading to a fixed version is the recommended action.

Vulnerability/
CVE-2009-4998

low

2.6

CWE

264

20/9/2010

3/10/2022

7/8/2024

CVE-2009-4998

First published: Mon Sep 20 2010(Updated: )

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM FileNet P8 Application Engine	=3.5.1-009
IBM FileNet P8 Application Engine	=3.5.1-011
IBM FileNet P8 Application Engine	=3.5.1-005
IBM FileNet P8 Application Engine	=3.5.1-014
IBM FileNet P8 Application Engine	=3.5.1-006
IBM FileNet P8 Application Engine	=3.5.1-013
IBM FileNet P8 Application Engine	=3.5.1-016
IBM FileNet P8 Application Engine	=3.5.1-004
IBM FileNet P8 Application Engine	=3.5.1
IBM FileNet P8 Application Engine	=3.5.1-018
IBM FileNet P8 Application Engine	=3.5.1-019
IBM FileNet P8 Application Engine	=3.5.1-007
IBM FileNet P8 Application Engine	=3.5.1-001
IBM FileNet P8 Application Engine	=3.5.1-012
IBM FileNet P8 Application Engine	=3.5.1-015
IBM FileNet P8 Application Engine	=3.5.1-010
IBM FileNet P8 Application Engine	=3.5.1-002
IBM FileNet P8 Application Engine	=3.5.1-008
IBM FileNet P8 Application Engine	=3.5.1-003
IBM FileNet P8 Application Engine	=3.5.1-017
IBM FileNet P8 Application Engine	=4.0.2-002
IBM FileNet P8 Application Engine	=4.0.2-006
IBM FileNet P8 Application Engine	=4.0.2-004
IBM FileNet P8 Application Engine	=4.0.2
IBM FileNet P8 Application Engine	=4.0.2-001
IBM FileNet P8 Application Engine	=4.0.2-005
IBM FileNet P8 Application Engine	=4.0.2-003

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4998?
CVE-2009-4998 is rated as a high severity vulnerability due to the potential for unauthorized access to documents.
How do I fix CVE-2009-4998?
To fix CVE-2009-4998, upgrade IBM FileNet P8 Application Engine to versions 3.5.1-019 or 4.0.2.7-P8AE-FP007 or later.
Which versions are affected by CVE-2009-4998?
CVE-2009-4998 affects IBM FileNet P8 Application Engine versions 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007.
What type of attack is possible with CVE-2009-4998?
CVE-2009-4998 may allow remote attackers to bypass security policies for documents added during the first session.
Is there a workaround for CVE-2009-4998?
There are no official workarounds for CVE-2009-4998, upgrading to a fixed version is the recommended action.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/ibm
canonical/ibm filenet p8 application engine
version/ibm filenet p8 application engine/3.5.1
version/ibm filenet p8 application engine/3.5.1-001
version/ibm filenet p8 application engine/3.5.1-002
version/ibm filenet p8 application engine/3.5.1-003
version/ibm filenet p8 application engine/3.5.1-004
version/ibm filenet p8 application engine/3.5.1-005
version/ibm filenet p8 application engine/3.5.1-006
version/ibm filenet p8 application engine/3.5.1-007
version/ibm filenet p8 application engine/3.5.1-008
version/ibm filenet p8 application engine/3.5.1-009
version/ibm filenet p8 application engine/3.5.1-010
version/ibm filenet p8 application engine/3.5.1-011
version/ibm filenet p8 application engine/3.5.1-012
version/ibm filenet p8 application engine/3.5.1-013
version/ibm filenet p8 application engine/3.5.1-014
version/ibm filenet p8 application engine/3.5.1-015
version/ibm filenet p8 application engine/3.5.1-016
version/ibm filenet p8 application engine/3.5.1-017
version/ibm filenet p8 application engine/3.5.1-018
version/ibm filenet p8 application engine/3.5.1-019
version/ibm filenet p8 application engine/4.0.2
version/ibm filenet p8 application engine/4.0.2-001
version/ibm filenet p8 application engine/4.0.2-002
version/ibm filenet p8 application engine/4.0.2-003
version/ibm filenet p8 application engine/4.0.2-004
version/ibm filenet p8 application engine/4.0.2-005
version/ibm filenet p8 application engine/4.0.2-006