CVE-2016-5968

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21989374	Vendor Advisory
http://www.securityfocus.com/bid/94516
http://www-01.ibm.com/support/docview.wss?uid=swg21989374	Vendor Advisory
http://www.securityfocus.com/bid/94516

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:tealeaf_customer_experience::::::::
	cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0a:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1a:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2a:::::::*

History

21 Nov 2024, 02:55

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21989374 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21989374 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/94516 -~~	() http://www.securityfocus.com/bid/94516 -

Information

Published : 2016-11-25 03:59

Updated : 2024-11-21 02:55

NVD link : CVE-2016-5968

Mitre link : CVE-2016-5968

CVE.ORG link : CVE-2016-5968

JSON object : View

Products Affected

ibm

tealeaf_customer_experience

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2016-5968", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2016-11-25T03:59:11.533", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989374", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/94516", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989374", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94516", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors."}, {"lang": "es", "value": "El Replay Server en IBM Tealeaf Customer Experience 8.x en versiones anteriores a 8.7.1.8847 FP10, 8.8.x en versiones anteriores a 8.8.0.9049 FP9, 9.0.0 y 9.0.1 en versiones anteriores a 9.0.1.1117 FP5, 9.0.1A en versiones anteriores a 9.0.1.5108 FP5, 9.0.2 en versiones anteriores a 9.0.2.1223 FP3 y 9.0.2A en versiones anteriores a 9.0.2.5224 FP3 permite a atacantes remotos llevar a cabo ataques SSRF a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:55:17.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06154DF2-11C1-4D1E-8FD2-30258CCDFA38", "versionEndIncluding": "8.6"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41B6A77E-1686-44A6-B1E4-AC63A0466AE2"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBAC9796-BA52-48AF-9326-3C2343BE2342"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D705DD1-8F24-49B4-8D05-F0403A625016"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A2BAB44-B859-4209-BAFD-088E9583F31B"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D66B990-2034-46D9-AF8D-DE69B3161F38"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50EC1311-629F-401B-9AE3-8ECDE0CBF330"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AFA47D5-AC5B-4A1B-83A6-EE5D49ECE489"}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5FE2E49-88CF-4D61-8097-B3146A47BAED"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}