IBM Sterling Order Management 9.2/9.3/9.4/9.5 cross-site request forgery


A vulnerability has been found in IBM Sterling Order Management 9.2/9.3/9.4/9.5 (Business Process Management Software) and classified as problematic. Affected by this vulnerability is an unknown code block. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 04/01/2017 10:08 AM |
| --- | --- |
| type | Business Process Management Software |
| vendor | IBM |
| name | Sterling Order Management |
| version | 9.2/9.3/9.4/9.5 |
| discoverydate | 1490572800 |
| cwe | 352 (cross site request forgery) |
| risk | 1 |
| cvss2_vuldb_basescore | 4.3 |
| cvss2_vuldb_tempscore | 4.3 |
| cvss2_vuldb_av | N |
| cvss2_vuldb_ac | M |
| cvss2_vuldb_au | N |
| cvss2_vuldb_ci | N |
| cvss2_vuldb_ii | P |
| cvss2_vuldb_ai | N |
| cvss2_nvd_av | N |
| cvss2_nvd_ac | M |
| cvss2_nvd_au | N |
| cvss2_nvd_ci | P |
| cvss2_nvd_ii | P |
| cvss2_nvd_ai | P |
| cvss3_meta_basescore | 6.5 |
| cvss3_meta_tempscore | 6.5 |
| cvss3_vuldb_basescore | 4.3 |
| cvss3_vuldb_tempscore | 4.3 |
| cvss3_vuldb_av | N |
| cvss3_vuldb_ac | L |
| cvss3_vuldb_pr | N |
| cvss3_vuldb_ui | R |
| cvss3_vuldb_s | U |
| cvss3_vuldb_c | N |
| cvss3_vuldb_i | L |
| cvss3_vuldb_a | N |
| cvss3_nvd_av | N |
| cvss3_nvd_ac | L |
| cvss3_nvd_pr | N |
| cvss3_nvd_ui | R |
| cvss3_nvd_s | U |
| cvss3_nvd_c | H |
| cvss3_nvd_i | H |
| cvss3_nvd_a | H |
| date | 1490918400 (03/31/2017) |
| url | http://www.ibm.com/support/docview.wss?uid=swg22000943 |
| confirm_url | http://www.ibm.com/support/docview.wss?uid=swg22000943 |
| price_0day | $5k-$25k |
| price_trend | + |
| cve | CVE-2016-8917 |
| cve_assigned | 1477353600 |
| cve_nvd_published | 1490918400 |
| cve_nvd_summary | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. |
| osvdb_title | CVE-2016-8917 - IBM - Sterling Order Management - Cross-Site Request Forgery Issue |
| securityfocus | 97150 |
| securityfocus_date | 1490572800 (03/27/2017) |
| securityfocus_class | Design Error |
| securityfocus_title | IBM Sterling Selling and Fulfillment Foundation Cross Site Request Forgery Vulnerability |
| location | Website |
| cvss2_vuldb_e | ND |
| cvss2_vuldb_rl | ND |
| cvss2_vuldb_rc | ND |
| cvss3_vuldb_e | X |
| cvss3_vuldb_rl | X |
| cvss3_vuldb_rc | X |
| 0day_days | 4 |
| cvss3_nvd_basescore | 8.8 |
