Vulnerability Details : CVE-2016-2861
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Vulnerability category: Information leak
Products affected by CVE-2016-2861
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:8.5.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2861
- 0.28%: Probability of exploitation activity in the next 30 days
- ~64%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2861
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 | NIST | |
CWE ids for CVE-2016-2861
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2861
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898
  IBM PI60898: WebSphere eXtreme Scale is subject to HTTP response splitting attacks.
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897
  IBM PI60897: WebSphere eXtreme Scale is subject to HTTP response splitting attacks.
- http://www-01.ibm.com/support/docview.wss?uid=swg21983036
  IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information (CVE-2016-2861, CVE-2016-0400) (Patch; Vendor Advisory)