CVE-2016-2957

Опубликовано: 30 нояб. 2016

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990864
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94300
Third Party Advisory
VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990864
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94300
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00161

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-849g-mx4m-3h2v