IBM Sterling Order Management 9.2/9.3/9.4/9.5 cross site request forgery
| CVSS Meta Temp Score | Exploit Nuvarande Pris (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
I IBM Sterling Order Management 9.2/9.3/9.4/9.5 (Business Process Management Software) var en problematiskt svag punkt finns. Som påverkar en okänd funktion. Manipulering en okänd ingång leder till en sårbarhet klass cross site request forgery svag punkt.
Felet upptäcktes på 27/03/2017. Den svaga punkten är publicerad 31/03/2017 (Website) (ej definierad). Den rådgivande finns tillgänglig för nedladdning på ibm.com. Denna svaga punkt är känd som CVE-2016-8917. Attacken på nätet kan. Ingen autentisering-krävs för användning. Det finns inga tekniska detaljer fortfarande en exploit kända.
Minst 4 dagar var den svaga punkten som 0-day.
Det finns inga kända uppgifter om åtgärder. Användningen av en alternativ produkt är användbar.
Sårbarheten dokumenteras i databaser SecurityFocus (BID 97150).
Produkt
Type
Tillverkare
Name
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.5
VulDB Base Score: 4.3
VulDB Temp Score: 4.3
VulDB Vector: 🔍
VulDB Tillförlitlighet: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Tillförlitlighet: 🔍
NVD Base Score: 🔍
Exploiting
Klass: Cross site request forgeryCWE: CWE-352
ATT&CK: Okänd
Lokal: Ingen
Avlägsna: Ja
Tillgänglighet: 🔍
Status: Ej definierad
Price Prediction: 🔍
Nuvarande pris uppskattning: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| I dag | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: 🔍Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Motåtgärder: 🔍
Motåtgärder
Rekommendation: Ingen känd åtgärdStatus: 🔍
0-Day Time: 🔍
Tidslinje
25/10/2016 🔍27/03/2017 🔍
27/03/2017 🔍
31/03/2017 🔍
31/03/2017 🔍
01/04/2017 🔍
01/04/2017 🔍
Svälla
Tillverkare: https://www.ibm.com/Rådgivande: ibm.com
Status: Ej definierad
Bekräftelse: 🔍
CVE: CVE-2016-8917 (🔍)
SecurityFocus: 97150 - IBM Sterling Selling and Fulfillment Foundation Cross Site Request Forgery Vulnerability
OSVDB: - CVE-2016-8917 - IBM - Sterling Order Management - Cross-Site Request Forgery Issue
Entry
Skapad: 01/04/2017 10:08 AMChanges: (64) software_type software_vendor software_name software_version vulnerability_discoverydate vulnerability_cwe vulnerability_risk vulnerability_cvss2_vuldb_basescore vulnerability_cvss2_vuldb_tempscore vulnerability_cvss2_vuldb_av vulnerability_cvss2_vuldb_ac vulnerability_cvss2_vuldb_au vulnerability_cvss2_vuldb_ci vulnerability_cvss2_vuldb_ii vulnerability_cvss2_vuldb_ai vulnerability_cvss2_nvd_av vulnerability_cvss2_nvd_ac vulnerability_cvss2_nvd_au vulnerability_cvss2_nvd_ci vulnerability_cvss2_nvd_ii vulnerability_cvss2_nvd_ai vulnerability_cvss3_meta_basescore vulnerability_cvss3_meta_tempscore vulnerability_cvss3_vuldb_basescore vulnerability_cvss3_vuldb_tempscore vulnerability_cvss3_vuldb_av vulnerability_cvss3_vuldb_ac vulnerability_cvss3_vuldb_pr vulnerability_cvss3_vuldb_ui vulnerability_cvss3_vuldb_s vulnerability_cvss3_vuldb_c vulnerability_cvss3_vuldb_i vulnerability_cvss3_vuldb_a vulnerability_cvss3_nvd_av vulnerability_cvss3_nvd_ac vulnerability_cvss3_nvd_pr vulnerability_cvss3_nvd_ui vulnerability_cvss3_nvd_s vulnerability_cvss3_nvd_c vulnerability_cvss3_nvd_i vulnerability_cvss3_nvd_a advisory_date advisory_url advisory_confirm_url exploit_price_0day exploit_price_trend source_cve source_cve_assigned source_cve_nvd_published source_cve_nvd_summary source_osvdb_title source_securityfocus source_securityfocus_date source_securityfocus_class source_securityfocus_title advisory_location vulnerability_cvss2_vuldb_e vulnerability_cvss2_vuldb_rl vulnerability_cvss2_vuldb_rc vulnerability_cvss3_vuldb_e vulnerability_cvss3_vuldb_rl vulnerability_cvss3_vuldb_rc exploit_0day_days vulnerability_cvss3_nvd_basescore
Fullborda: 🔍
Comments
Might our Artificial Intelligence support you?
Check our Alexa App!
No comments yet. Please log in to comment.