CVE-2016-5953
 
- Severity Score: 3.7 (CVSS v3)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.
*Credits:
N/A
Timeline
- 2016-06-29 CVE Reserved
- 2017-02-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/95431 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg21994521 | 2017-02-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IBM | Sterling Selling And Fulfillment Foundation | 9.1.0 | - | Affected |
IBM | Sterling Selling And Fulfillment Foundation | 9.2.0 | - | Affected |
IBM | Sterling Selling And Fulfillment Foundation | 9.2.1 | - | Affected |
IBM | Sterling Selling And Fulfillment Foundation | 9.3 | - | Affected |
IBM | Sterling Selling And Fulfillment Foundation | 9.4 | - | Affected |
IBM | Sterling Selling And Fulfillment Foundation | 9.5 | - | Affected |