N/A

IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query.

N/A

N/A

IBM Content Collector for Email 权限许可和访问控制漏洞

IBM Content Collector for Email是美国IBM公司的一套面向法规、合规性和IT管理的电子邮件归档解决方案。该方案支持自定义策略收集和归档消息、管理同一系统的法律证据保留和记录保留等。 IBM Content Collector for Email 3.0版本和4.0版本中存在安全漏洞，该漏洞源于程序使用IBM Content Search Services搜索IBM FileNet P8系统时，没有正确处理查询操作。本地攻击者可借助特制的搜索查询利用该漏洞绕过既定的docume

N/A

N/A