CVE-2016-9717
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.
La anulación de parámetros HTTP es identificada en el producto IBM Infosphere Master Data Management (MDM) versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6. Permite a los atacantes exponer la presencia de parámetros duplicados que pueden producir un comportamiento irregular en la aplicación que puede ser potencialmente explotada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-01 CVE Reserved
- 2017-07-31 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100074 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22006605 | 2017-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/119730 | 2017-08-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Server Search vendor "Ibm" for product "Infosphere Master Data Management Server" | 10.1 Search vendor "Ibm" for product "Infosphere Master Data Management Server" and version "10.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Server Search vendor "Ibm" for product "Infosphere Master Data Management Server" | 11.0 Search vendor "Ibm" for product "Infosphere Master Data Management Server" and version "11.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Server Search vendor "Ibm" for product "Infosphere Master Data Management Server" | 11.3 Search vendor "Ibm" for product "Infosphere Master Data Management Server" and version "11.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Server Search vendor "Ibm" for product "Infosphere Master Data Management Server" | 11.4 Search vendor "Ibm" for product "Infosphere Master Data Management Server" and version "11.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Server Search vendor "Ibm" for product "Infosphere Master Data Management Server" | 11.5 Search vendor "Ibm" for product "Infosphere Master Data Management Server" and version "11.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Server Search vendor "Ibm" for product "Infosphere Master Data Management Server" | 11.6 Search vendor "Ibm" for product "Infosphere Master Data Management Server" and version "11.6" | - |
Affected
| ||||||