Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2E5C896ED71A7C63BA6B6E389880C03978BFA04CC2678267E26B3E7321AF2F55
HistoryJun 15, 2018 - 11:17 p.m.

Security Bulletin: A vulnerability in IBM Websphere Application Server affects IBM Cognos Metrics Manager (CVE-2016-5983)

2018-06-1523:17:51
www.ibm.com
14

0.015 Low

EPSS

Percentile

87.1%

JSON

Summary

A vulnerability has been addressed in the IBM WebSphere Application Server Liberty Profile component of IBM Cognos Metrics Manager.

Vulnerability Details

CVEID: CVE-2016-5983**
DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116468 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Cognos Metrics Manager 10.2.2

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version.

| Version| Interim Fix
—|—|—
IBM Cognos Metrics Manager| 10.2.2| IBM Cognos Business Intelligence 10.2.2 Interim Fix 14

Workarounds and Mitigations

None

CPENameOperatorVersion
cognos business intelligenceeq10.2.2

Related

cve 1
openvas 1
ibm 68
prion 1
cvelist 1
checkpoint_advisories 1
nvd 1
nessus 1
cve
cve
CVE-2016-5983
2016-10-05 10:59:18
openvas
openvas
IBM Websphere Application Server Code Execution vulnerability (Oct 2016)
2016-10-13 00:00:00
ibm
ibm
Security Bulletin: Code execution vulnerability in IBM MessageSight (CVE-2016-5983)
2018-06-17 15:32:07
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-5983)
2020-02-04 16:40:40
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (CVE-2016-5983)
2018-06-17 22:28:37
prion
prion
Code injection
2016-10-05 10:59:00
cvelist
cvelist
CVE-2016-5983
2016-10-05 10:00:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)
2016-10-30 00:00:00
nvd
nvd
CVE-2016-5983
2016-10-05 10:59:18
nessus
nessus
IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities
2016-11-03 00:00:00

0.015 Low

EPSS

Percentile

87.1%

JSON
Related for 2E5C896ED71A7C63BA6B6E389880C03978BFA04CC2678267E26B3E7321AF2F55
cve1openvas1ibm68prion1cvelist1checkpoint_advisories1nvd1nessus1