CVE-2016-0247 : IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users

IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.

Published 2016-10-22 03:59:08

Updated 2016-11-28 19:52:48

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2016-0247

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-0247

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-0247

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-0247

http://www-01.ibm.com/support/docview.wss?uid=swg21990368

IBM Security Bulletin: IBM Security Guardium is affected by Password in Clear Text vulnerability (CVE-2016-0247)
Patch;Vendor Advisory
http://www.securityfocus.com/bid/93341

IBM Security Guardium CVE-2016-0247 Local Information Disclosure Vulnerability

Products affected by CVE-2016-0247

IBM » Security Guardium » Version: 8.2
cpe:2.3:a:ibm:security_guardium:8.2:*:*:*:*:*:*:*
Matching versions
IBM » Security Guardium » Version: 9.0
cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Guardium » Version: 9.1
cpe:2.3:a:ibm:security_guardium:9.1:*:*:*:*:*:*:*
Matching versions
IBM » Security Guardium » Version: 10.0
cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Guardium » Version: 9.5
cpe:2.3:a:ibm:security_guardium:9.5:*:*:*:*:*:*:*
Matching versions
IBM » Security Guardium » Version: 10.1
cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*
Matching versions
IBM » Security Guardium » Version: 10.01
cpe:2.3:a:ibm:security_guardium:10.01:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-0247

Exploit prediction scoring system (EPSS) score for CVE-2016-0247

CVSS scores for CVE-2016-0247

CWE ids for CVE-2016-0247

References for CVE-2016-0247

Products affected by CVE-2016-0247