IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/123673 | VDB Entry Vendor Advisory |
https://www-01.ibm.com/support/docview.wss?uid=ibm10737581 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/123673 | VDB Entry Vendor Advisory |
https://www-01.ibm.com/support/docview.wss?uid=ibm10737581 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/123673 - VDB Entry, Vendor Advisory | |
References | () https://www-01.ibm.com/support/docview.wss?uid=ibm10737581 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 3.7 |
Information
Published : 2019-02-05 18:29
Updated : 2024-11-21 03:21
NVD link : CVE-2017-1198
Mitre link : CVE-2017-1198
CVE.ORG link : CVE-2017-1198
JSON object : View
Products Affected
ibm
- bigfix_compliance
CWE
CWE-532
Insertion of Sensitive Information into Log File