CVE-2017-1355
low
CVSS v3
3.7
CVSS v2
4.3
VIR risk
3.7
Description
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682.
Predictions
Exploit likelihood
47%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://www.ibm.com/support/docview.wss?uid=swg22005836
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/126682
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | atlas_ediscovery_process_management | 6.0.3 | |
| ibm | atlas_ediscovery_process_management | 6.0.3.2 | |
| ibm | atlas_ediscovery_process_management | 6.0.3.3 | |
| ibm | atlas_ediscovery_process_management | 6.0.3.4 | |
| ibm | atlas_ediscovery_process_management | 6.0.3.5 | |
References
- http://www.securityfocus.com/bid/102016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126682
- https://www.ibm.com/support/docview.wss?uid=swg22005836
CWEs
CWE-200