CVE-2016-5979
low
CVSS v3
2.7
CVSS v2
4.0
VIR risk
2.7
Description
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance with a security profile that is not valid for the templates, which results in the new instance not being accessible to the intended user. IBM X-Force ID: 116379.
Predictions
Exploit likelihood
39%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21999526
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | distributed_marketing | 8.6.0.0 | |
| ibm | distributed_marketing | 8.6.0.2 | |
| ibm | distributed_marketing | 8.6.0.3 | |
| ibm | distributed_marketing | 8.6.0.4 | |
| ibm | distributed_marketing | 8.6.0.5 | |
| ibm | distributed_marketing | 8.6.0.6 | |
| ibm | distributed_marketing | 8.6.0.7 | |
| ibm | distributed_marketing | 8.6.0.8 | |
| ibm | distributed_marketing | 8.6.0.9 | |
| ibm | distributed_marketing | 8.6.0.10 | |
| ibm | distributed_marketing | 9.1.0.0 | |
| ibm | distributed_marketing | 9.1.0.2 | |
| ibm | distributed_marketing | 9.1.0.3 | |
| ibm | distributed_marketing | 9.1.0.4 | |
| ibm | distributed_marketing | 9.1.0.5 | |
| ibm | distributed_marketing | 9.1.0.6 | |
| ibm | distributed_marketing | 9.1.0.7 | |
| ibm | distributed_marketing | 9.1.0.8 | |
| ibm | distributed_marketing | 9.1.0.9 | |
| ibm | distributed_marketing | 9.1.0.10 | |
| ibm | distributed_marketing | 9.1.0.11 | |
| ibm | distributed_marketing | 9.1.2.0 | |
| ibm | distributed_marketing | 9.1.2.1 | |
| ibm | distributed_marketing | 9.1.2.2 | |
| ibm | distributed_marketing | 9.1.2.3 | |
| ibm | distributed_marketing | 10.0.0.0 | |
| ibm | distributed_marketing | 10.0.0.1 | |
References
CWEs
CWE-264