Lucene search

[email protected]CVE-2016-0389

HistoryJul 07, 2016 - 2:59 p.m.

CVE-2016-0389

2016-07-0714:59:01

CWE-200

[email protected]

web.nvd.nist.gov

cve-2016-0389

ibm websphere

was

liberty

security vulnerability

information disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch8.5.5.2liberty

ibmwebsphere_application_serverMatch8.5.5.3liberty

ibmwebsphere_application_serverMatch8.5.5.4liberty

ibmwebsphere_application_serverMatch8.5.5.5liberty

ibmwebsphere_application_serverMatch8.5.5.6liberty

ibmwebsphere_application_serverMatch8.5.5.7liberty

ibmwebsphere_application_serverMatch8.5.5.8liberty

ibmwebsphere_application_serverMatch8.5.5.9liberty

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq8.5.5.2
ibm:websphere_application_serveribm websphere application servereq8.5.5.3
ibm:websphere_application_serveribm websphere application servereq8.5.5.4
ibm:websphere_application_serveribm websphere application servereq8.5.5.5
ibm:websphere_application_serveribm websphere application servereq8.5.5.6
ibm:websphere_application_serveribm websphere application servereq8.5.5.7
ibm:websphere_application_serveribm websphere application servereq8.5.5.8
ibm:websphere_application_serveribm websphere application servereq8.5.5.9

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.2
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.3
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.4
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.5
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.6
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.7
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.8
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.9

References

www-01.ibm.com/support/docview.wss?uid=swg1PI62052

www-01.ibm.com/support/docview.wss?uid=swg21982012

www.securityfocus.com/bid/91515

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2016-0389

ibm6 cvelist1 prion1 nvd1 openvas1