MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
http://www.vupen.com/english/advisories/2007/0814
http://www.securityfocus.com/bid/22785