{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:21:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1847", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1847"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21441225"}, {"name": "40614", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40614"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2896", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1847"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21441225", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21441225"}, {"name": "40614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40614"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2896", "datePublished": "2022-10-03T16:21:07", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:21:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "18A3291E-2746-40BF-B60A-03EEAAC9BAB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0EEDD182-2A22-44AB-A325-57C307819C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F852D8F-AFB9-44C7-878D-8A9D6279ACE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "05F86DAF-332E-4CF1-9D7D-99A8AD10B155", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors."}, {"lang": "es", "value": "IBM FileNet Content Manager (CM) v4.0.0, v4.0.1, v4.5.0 y v4.5.1 anterior a FP4 no maneja adecuadamente la configuraci\u00f3n de InheritParentPermissions durante la actualizaci\u00f3n de 3.x, esto puede permitir a los atacantes evitar los permisos de carpeta pretendidos mediante vectores desconocidos."}], "evaluatorSolution": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21441225\r\n\r\n'Fix Central can be found at: http://www-933.ibm.com/support/fixcentral/'", "id": "CVE-2010-2896", "lastModified": "2010-07-29T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-07-28T20:00:07.870", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40614"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21441225"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1847"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}