CVE-2016-9717

{"id": "CVE-2016-9717", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-07-31T21:29:00.407", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg22006605", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/100074", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119730", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited."}, {"lang": "es", "value": "La anulaci\u00f3n de par\u00e1metros HTTP es identificada en el producto IBM Infosphere Master Data Management (MDM) versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6. Permite a los atacantes exponer la presencia de par\u00e1metros duplicados que pueden producir un comportamiento irregular en la aplicaci\u00f3n que puede ser potencialmente explotada."}], "lastModified": "2017-08-03T15:56:29.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B176246A-FFAD-46E5-ACED-144925A35CFE"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54ABD5B3-167A-403E-AF24-4648ED141EC6"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD87A187-8144-4862-95B5-4431B14939CF"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE14EFD3-EE7A-4115-8ACB-E84C2C9D7C6B"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245897F6-4514-4311-8842-0E7CA4D39F70"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server:11.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70161811-DB7E-4675-BF8B-CEEA38A2C69A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}