IBM5BF04DCDD195CD5BA9E10E8BCA7128BEA8B3E0C1F52E967D92708E8057EDDA07Security Bulletin: Vulnerability in IMS™ Enterprise Suite: IMS Data Provider for Microsoft .NET
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
45.1%
Summary
Security defect.
Vulnerability Details
CVEID: CVE-2016-2887 DESCRIPTION: IBM IMS Enterprise Suite security defect affecting .NET application.
CVSS Base Score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113018 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
IMS™ Enterprise Suite: IMS Data Provider for Microsoft .NET version 3.2.0.0 and earlier.
Remediation/Fixes
Product
|
VRMF
|
APAR
| Download URL
—|—|—|—
IMS Enterprise Suite Data Provider for Microsoft .NET V3.2
|
3.2.0.1
|
| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | ims_enterprise_suite | 3.2 | cpe:2.3:a:ibm:ims_enterprise_suite:3.2:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
45.1%