Security Bulletin: Information Disclosure in IBM MessageSight (CVE-2016-0378)

Summary

There is an Information Disclosure Vulnerability in IBM WebSphere Application Server Liberty used by IBM MessageSight

Vulnerability Details

CVEID: CVE-2016-0378**
DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions when a default error page does not exist.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112240&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM MessageSight 1.1 – 2.0

Remediation/Fixes

Product

|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT18037| 1.1.0.1-IBM-IMA-IFIT18037

IBM MessageSight|
1.2| IT18037| 1.2.0.3-IBM-IMA-IFIT18037
IBM MessageSight| 2.0| IT18037| 2.0.0.1-IBM-IMA-IFIT18037

Workarounds and Mitigations

None