CVSS2: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.024 Low (Percentile: 90.1%)

There is a vulnerability in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. [CVE-2016-1000027]
CVEID: CVE-2016-1000027
**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw in the library. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174367 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM OpenPages for IBM Cloud Pak for Data 8.300.x, 8.301.x or 8.302.x
Affected Product(s) | Version(s) |
---|---|
IBM OpenPages for Cloud Pak for Data | 4.5.x & 4.6.x |
IBM strongly recommends addressing the vulnerability now by upgrading.
If you are using IBM OpenPages for IBM Cloud Pak for Data 8.300.x, 8.301.x or 8.302.x, you will need to upgrade to:
1. IBM Cloud Pak for Data Version 4.7 or later
2. IBM OpenPages for IBM Cloud Pak for Data 8.302.2 or later
Upgrade installation instructions are provided at the URL listed below:
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=openpages-upgrading>
None