CVE-2017-1119

{"id": "CVE-2017-1119", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-11-09T01:29:00.337", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738519", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121171", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171."}, {"lang": "es", "value": "IBM Marketing Operations 9.1.0, 9.1.2 y 10.1 pueden permitir que un atacante remoto obtenga informaci\u00f3n sensible. Un atacante puede enviar una petici\u00f3n especialmente manipulada para que se devuelva un mensaje de error que contenga la ruta de root completa. Un atacante podr\u00eda utilizar esta informaci\u00f3n para lanzar m\u00e1s ataques contra el sistema afectado. IBM X-Force ID: 121171."}], "lastModified": "2019-10-09T23:26:03.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:marketing_operations:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45596737-8425-4E13-BEE8-3F58E6405393", "versionEndIncluding": "9.1.0.12", "versionStartIncluding": "9.1.0.0"}, {"criteria": "cpe:2.3:a:ibm:marketing_operations:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93137CAF-FF3A-4D92-9867-202EDBB95C95", "versionEndIncluding": "9.1.2.7", "versionStartIncluding": "9.1.2.0"}, {"criteria": "cpe:2.3:a:ibm:marketing_operations:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED76351E-8D8B-43FA-985E-E80F3208F7A5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}