CVE-2009-1953

Published: Jun 8, 2009Modified: Apr 23, 2026

4.6

Vector

AV:N/AC:H/Au:S/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Affected (3)

Products: Ibm: Filenet Content Manager

1 product

Filenet Content Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Filenet Content Manager	Version 4.0.1
Ibm Filenet Content Manager	Version 4.0
Ibm Filenet Content Manager	Version 4.5

Related CWEs

References (8)

http://secunia.com/advisories/35347

Source: cve@mitre.org

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21389281

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/35228

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1512

Source: cve@mitre.org

http://secunia.com/advisories/35347

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21389281

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/35228

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1512

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.