Vulnerability Details : CVE-2017-1474
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.
Vulnerability category: Information leak
Products affected by CVE-2017-1474
- IBM » Security Access Manager For Web: versions from including (>=) 7.0.0 and up to, including, (<=) 7.0.0.32. cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*
- IBM » Security Access Manager For Web: versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.1.6. cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*
- IBM » Security Access Manager For Mobile: versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.1.6. cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1474
0.13%: probability of exploitation activity in the next 30 days
~ 48 %: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1474
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | IBM Corporation | |
CWE ids for CVE-2017-1474
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1474
- http://www.ibm.com/support/docview.wss?uid=swg22012329
  IBM Security Bulletin: IBM Security Access Manager and IBM Tivoli Access Manager for e-business are affected by an information exposure vulnerability (CVE-2017-1474) - Patch; Vendor Advisory
- http://www.securityfocus.com/bid/104476
  IBM Security Access Manager Appliance CVE-2017-1474 Unspecified Information Disclosure Vulnerability - VDB Entry; Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/128606
  IBM Security Access Manager information disclosure CVE-2017-1474 Vulnerability Report - VDB Entry; Vendor Advisory