Vulnerability Details : CVE-2016-0375
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.
Products affected by CVE-2016-0375
- cpe:2.3:a:ibm:messagesight:1.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:1.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:1.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:1.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:messagesight:1.1.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0375
1.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0375
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-0375
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0375
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT15674
IBM notice: The page you requested cannot be displayed
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IT15743
IBM notice: The page you requested cannot be displayed
-
http://www-01.ibm.com/support/docview.wss?uid=swg21985064
IBM Security Bulletin: RCE vulnerability in JMS Client in IBM MessageSight (CVE-2016-0375)Vendor Advisory
Jump to