Lucene search

[email protected]NVD:CVE-2016-9693

HistoryMar 07, 2017 - 5:59 p.m.

CVE-2016-9693

2017-03-0717:59:00

CWE-20

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

25.4%

JSON

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim’s machine. IBM Reference #: 1998655.

Affected configurations

NVD

Node

ibmbusiness_process_managerMatch7.5.0.0

ibmbusiness_process_managerMatch7.5.0.0advanced

ibmbusiness_process_managerMatch7.5.0.0express

ibmbusiness_process_managerMatch7.5.0.0standard

ibmbusiness_process_managerMatch7.5.0.1

ibmbusiness_process_managerMatch7.5.0.1advanced

ibmbusiness_process_managerMatch7.5.0.1express

ibmbusiness_process_managerMatch7.5.0.1standard

ibmbusiness_process_managerMatch7.5.1.0

ibmbusiness_process_managerMatch7.5.1.0advanced

ibmbusiness_process_managerMatch7.5.1.0express

ibmbusiness_process_managerMatch7.5.1.0standard

ibmbusiness_process_managerMatch7.5.1.1

ibmbusiness_process_managerMatch7.5.1.1advanced

ibmbusiness_process_managerMatch7.5.1.1express

ibmbusiness_process_managerMatch7.5.1.1standard

ibmbusiness_process_managerMatch7.5.1.2

ibmbusiness_process_managerMatch7.5.1.2advanced

ibmbusiness_process_managerMatch7.5.1.2express

ibmbusiness_process_managerMatch7.5.1.2standard

ibmbusiness_process_managerMatch8.0.0.0

ibmbusiness_process_managerMatch8.0.0.0advanced

ibmbusiness_process_managerMatch8.0.0.0express

ibmbusiness_process_managerMatch8.0.0.0standard

ibmbusiness_process_managerMatch8.0.1.0

ibmbusiness_process_managerMatch8.0.1.0advanced

ibmbusiness_process_managerMatch8.0.1.0express

ibmbusiness_process_managerMatch8.0.1.0standard

ibmbusiness_process_managerMatch8.0.1.1

ibmbusiness_process_managerMatch8.0.1.1advanced

ibmbusiness_process_managerMatch8.0.1.1express

ibmbusiness_process_managerMatch8.0.1.1standard

ibmbusiness_process_managerMatch8.0.1.2

ibmbusiness_process_managerMatch8.0.1.2advanced

ibmbusiness_process_managerMatch8.0.1.2express

ibmbusiness_process_managerMatch8.0.1.2standard

ibmbusiness_process_managerMatch8.0.1.3

ibmbusiness_process_managerMatch8.0.1.3advanced

ibmbusiness_process_managerMatch8.0.1.3express

ibmbusiness_process_managerMatch8.0.1.3standard

ibmbusiness_process_managerMatch8.5.0.0

ibmbusiness_process_managerMatch8.5.0.0advanced

ibmbusiness_process_managerMatch8.5.0.0express

ibmbusiness_process_managerMatch8.5.0.0standard

ibmbusiness_process_managerMatch8.5.0.1

ibmbusiness_process_managerMatch8.5.0.1advanced

ibmbusiness_process_managerMatch8.5.0.1express

ibmbusiness_process_managerMatch8.5.0.1standard

ibmbusiness_process_managerMatch8.5.0.2

ibmbusiness_process_managerMatch8.5.0.2advanced

ibmbusiness_process_managerMatch8.5.0.2express

ibmbusiness_process_managerMatch8.5.0.2standard

ibmbusiness_process_managerMatch8.5.5.0

ibmbusiness_process_managerMatch8.5.5.0advanced

ibmbusiness_process_managerMatch8.5.5.0express

ibmbusiness_process_managerMatch8.5.5.0standard

ibmbusiness_process_managerMatch8.5.6.0

ibmbusiness_process_managerMatch8.5.6.0advanced

ibmbusiness_process_managerMatch8.5.6.0express

ibmbusiness_process_managerMatch8.5.6.0standard

ibmbusiness_process_managerMatch8.5.6.2

ibmbusiness_process_managerMatch8.5.6.2advanced

ibmbusiness_process_managerMatch8.5.6.2express

ibmbusiness_process_managerMatch8.5.6.2standard

ibmbusiness_process_managerMatch8.5.7.0

ibmbusiness_process_managerMatch8.5.7.0advanced

ibmbusiness_process_managerMatch8.5.7.0express

ibmbusiness_process_managerMatch8.5.7.0standard

Node

ibmwebsphereMatch7.2lombardi

ibmwebsphereMatch7.2.0.1lombardi

ibmwebsphereMatch7.2.0.2lombardi

ibmwebsphereMatch7.2.0.3lombardi

ibmwebsphereMatch7.2.0.4lombardi

ibmwebsphereMatch7.2.0.5lombardi

References

www.securityfocus.com/bid/98074

www.ibm.com/support/docview.wss?uid=swg21998655

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

25.4%

JSON

Related for NVD:CVE-2016-9693

cvelist1 cve1 ibm1 prion1